About to give up

Discussion in 'Software' started by nakomis, Mar 24, 2004.

  1. nakomis

    nakomis Private E-2

    Not sure I'm in the correct forum, but here goes. I think I have a browser hijacker
    named enjoysearch.info
    I've run ad aware and spy bot ...I've also gone into my regedit and deleted all the
    indicators of this website, but it's still here! I don't know quite what to do now.
    Can someone assist me? Thanks-Donna
     
  2. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    Try CWShredder in spyware tools, might be related to that, otherwise, you may need Hijack This! which will take a bit longer to go through with you.

     
  3. nakomis

    nakomis Private E-2

    yes, that's what I had in my registry.
    I'll go get the hijack this.Once it's gone,
    will my ad aware/ spybot keep it out or do I need
    something else? Thanks
     
  4. nakomis

    nakomis Private E-2

    zip

    okay and sorry to ask a lame question, but I'm not very good with
    zipped files. I'm running xp on my dell 5150 so....do I just open it?
     
  5. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    XP shows the contents of a zip file, should be an extract all files option to the left. I usually keep a folder called Temp for downloading and extracting files.

    If you have any problems, download Winzip from our miscellaneous section.

     
  6. nakomis

    nakomis Private E-2

    okay..well I figured it out....here's what the log file came up with.


    Logfile of HijackThis v1.97.7
    Scan saved at 7:38:50 PM, on 3/24/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Dell\AccessDirect\DadTray.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\America Online 8.0\aoltray.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    C:\Program Files\Outlook Express\MSIMN.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Donna\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dell.com/
    O1 - Hosts: 198.65.164.171 ehttp.cc
    O1 - Hosts: 198.65.164.168 winlink.biz
    O1 - Hosts: 198.65.164.168 winlink.ws
    O1 - Hosts: 198.65.164.168 ad45.com
    O1 - Hosts: 198.65.164.168 www.ad45.com
    O1 - Hosts: 198.65.164.168 ad77.com
    O1 - Hosts: 198.65.164.168 www.ad77.com
    O1 - Hosts: 198.65.164.168 ad86.com
    O1 - Hosts: 198.65.164.168 www.ad86.com
    O1 - Hosts: 198.65.164.168 ad25.com
    O1 - Hosts: 198.65.164.168 www.ad25.com
    O1 - Hosts: 198.65.164.168 00hq.com
    O1 - Hosts: 198.65.164.168 www.00hq.com
    O1 - Hosts: 198.65.164.168 8ad.com
    O1 - Hosts: 198.65.164.168 www.8ad.com
    O1 - Hosts: 198.65.164.168 searchv.com
    O1 - Hosts: 198.65.164.168 www.searchv.com
    O1 - Hosts: 198.65.164.168 008k.com
    O1 - Hosts: 198.65.164.168 www.008k.com
    O1 - Hosts: 198.65.164.170 galleryspots.com
    O1 - Hosts: 198.65.164.170 www.galleryspots.com
    O1 - Hosts: 198.65.164.170 bigfreepics.com
    O1 - Hosts: 198.65.164.170 www.bigfreepics.com
    O1 - Hosts: 198.65.164.170 www.efinder.cc
    O1 - Hosts: 198.65.164.170 lop.com
    O1 - Hosts: 198.65.164.170 finder2003.com
    O1 - Hosts: 198.65.164.170 www.search-aid.com
    O1 - Hosts: 198.65.164.170 www.search2004.net
    O1 - Hosts: 198.65.164.170 www.hugesearch.net
    O1 - Hosts: 198.65.164.170 luckyfinder.com
    O1 - Hosts: 198.65.164.170 luckysearch.net
    O1 - Hosts: 198.65.164.170 kitasearch.com
    O1 - Hosts: 198.65.164.170 www.orbitexplorer.com
    O1 - Hosts: 198.65.164.170 www.sqwire.com
    O1 - Hosts: 198.65.164.170 www.traffichog.com
    O1 - Hosts: 198.65.164.170 allneedsearch.com
    O1 - Hosts: 198.65.164.170 www.yellow500.com
    O1 - Hosts: 198.65.164.170 www.008i.com
    O1 - Hosts: 198.65.164.170 www.opsex.com
    O1 - Hosts: 198.65.164.170 www.onlysex.ws
    O1 - Hosts: 198.65.164.170 www.7days.ws
    O1 - Hosts: 198.65.164.170 www.xsex.ws
    O1 - Hosts: 198.65.164.170 www.6o9.com
    O1 - Hosts: 198.65.164.170 search-company.com
    O1 - Hosts: 198.65.164.170 www.700k.com
    O1 - Hosts: 198.65.164.170 www.hotbookmark.com
    O1 - Hosts: 198.65.164.170 www.runsearch.com
    O1 - Hosts: 198.65.164.170 runsearch.com
    O1 - Hosts: 198.65.164.170 www.search-about.net
    O1 - Hosts: 198.65.164.170 go-all.com
    O1 - Hosts: 198.65.164.170 go-acct.com
    O1 - Hosts: 198.65.164.170 get-faster.com
    O1 - Hosts: 198.65.164.170 get-data.net
    O1 - Hosts: 198.65.164.170 get-certified.net
    O1 - Hosts: 198.65.164.170 get-access.com
    O1 - Hosts: 198.65.164.170 000info.com
    O1 - Hosts: 198.65.164.170 0-days.net
    O1 - Hosts: 198.65.164.170 0-2u.com
    O1 - Hosts: 198.65.164.170 0-29.com
    O1 - Hosts: 198.65.164.170 alfaporn.com
    O1 - Hosts: 198.65.164.170 i-lookup.com
    O1 - Hosts: 198.65.164.170 www.alfa-search.com
    O1 - Hosts: 198.65.164.170 www.dotcomtoolbar.com
    O1 - Hosts: 198.65.164.170 toteen.com
    O1 - Hosts: 198.65.164.170 www.find-itnow.com
    O1 - Hosts: 198.65.164.170 www.mixedporno.com
    O1 - Hosts: 198.65.164.170 eliteteensites.com
    O1 - Hosts: 198.65.164.170 newsexgate.com
    O1 - Hosts: 198.65.164.170 www.newsexgate.com
    O1 - Hosts: 198.65.164.170 uuporn.com
    O1 - Hosts: 198.65.164.170 www.uuporn.com
    O1 - Hosts: 198.65.164.170 hardcorevibe.com
    O1 - Hosts: 198.65.164.170 www.hardcorevibe.com
    O1 - Hosts: 198.65.164.170 overmix.com
    O1 - Hosts: 198.65.164.170 www.overmix.com
    O1 - Hosts: 198.65.164.170 theadultgate.com
    O1 - Hosts: 198.65.164.170 www.theadultgate.com
    O1 - Hosts: 198.65.164.170 hornygate.com
    O1 - Hosts: 198.65.164.170 www.hornygate.com
    O1 - Hosts: 198.65.164.170 sexxx-start.com
    O1 - Hosts: 198.65.164.170 www.sexxx-start.com
    O1 - Hosts: 198.65.164.170 logtoporn.com
    O1 - Hosts: 198.65.164.170 www.logtoporn.com
    O1 - Hosts: 198.65.164.170 3xpower.com
    O1 - Hosts: 198.65.164.170 www.3xpower.com
    O1 - Hosts: 198.65.164.170 start-search.com
    O1 - Hosts: 198.65.164.170 www.lookfor.cc
    O1 - Hosts: 198.65.164.170 www.hotsearchbox.com
    O1 - Hosts: 198.65.164.170 ie-search.com
    O1 - Hosts: 198.65.164.170 www.search-1.net
    O1 - Hosts: 198.65.164.170 swift-look.com
    O1 - Hosts: 198.65.164.170 www.swift-look.com
    O1 - Hosts: 198.65.164.170 www.search2525.com
    O1 - Hosts: 198.65.164.170 www.sureseeker.com
    O1 - Hosts: 198.65.164.170 www.searchmeup.com
    O1 - Hosts: 198.65.164.170 www.statblaster.com
    O1 - Hosts: 198.65.164.170 www.day4sex.com
    O1 - Hosts: 198.65.164.170 day4sex.com
    O1 - Hosts: 198.65.164.170 www.seek-porn.com
    O1 - Hosts: 198.65.164.170 seek-porn.com
    O1 - Hosts: 198.65.164.170 freexxxplace.com
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [xvwiz32] C:\WINDOWS\system32\xvwizard32.hta
    O4 - HKLM\..\Run: [host] C:\WINDOWS\system32\hosts.vbs
    O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4336/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{15065DEE-61E2-4FCC-BDA2-34AB7BFD8AD7}: NameServer = 12.102.240.2 204.127.160.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{15065DEE-61E2-4FCC-BDA2-34AB7BFD8AD7}: NameServer = 12.102.240.2 204.127.160.1
     
  7. nakomis

    nakomis Private E-2

    hosts

    is there someway I can delete the list starting with 01hosts? I don't see
    enjoysearch.info in there anywhere..unless I missed it.
     
  8. nakomis

    nakomis Private E-2

    remove

    I removed all the hosts listed as porn/sex sites, but I quit at the ones listed
    as like www.8ad.com or something like that. can I presume it's okay to 86 them?
     
  9. Greyhound

    Greyhound Sergeant

    No, don't delete anything yet, give us a chance to see if we can help you out. In the meantime Try this site and you will learn a lot. :)
     
  10. Endi

    Endi Lt. Links

    thats a lot of stuff you got there that should not be there.

    I know you ran ad aware and spybot but I must ask.

    did you update them both prior to runing them

    and also may I suggest the following program.

    this program gives you 30 days of use. I also use this program and it does find things that ad aware and spybot did not find
    if you are not satisfied with it just delete. I think you might like the program. even if you decide not to keep it. I am pretty sure it will find entries the other two did not find after you use it you may keep it for 30 days and then simply delete it:D
    http://www.bulletproofsoft.com/spyware-remover.html

    I searched the MG files first. I could not find it :)

    also you might want to run your antivirus program if you do not have one then use this
    an online virus scan
    http://www.pandasoftware.com/activescan/com/activescan_principal.htm

    hijack this allows you to delete those entries just check mark them
     
    Last edited: Mar 24, 2004
    1 person likes this.
  11. IMSA

    IMSA Private First Class

    That Was An Eye Opener!

    I run Ad-aware and Spybot twice a week with no more than 5-6 things to remove. I ran BPS spyware remover and found 300+ cookies that needed to be removed.

    Thanks for the tip!

    IMSA
     
  12. nakomis

    nakomis Private E-2

    Well....I did end up 86'ing the obvious porn/sex sites. so hopefully that won't screw
    up your analysis. My boyfriend emailed me this morning at work and said the
    enjoysearch.info was still there!!! Yikes!
     
  13. nakomis

    nakomis Private E-2

    Yes, I did update/ run the latest issue of both those softwares. I ran my
    mcafee or actually I thought it was scanning all the time, but it didn't appear
    to show anything either. I guess I don't understand how it keeps ending up
    in my regedit....


     
  14. nakomis

    nakomis Private E-2

    wow!

    what a cool site..too bad I didn't have it last night..thanks! I just printed the 7pages of
    that site to take home.I appreciate all of the help. ...I need a Vulcan mind meld so I can
    know what y'all know.


     
  15. General_Lee_Stoned

    General_Lee_Stoned BuZZed Lightyear

    Just my 02
    you need to kill this
    O4 - HKLM\..\Run: [host] C:\WINDOWS\system32\hosts.vbs
    otherwise you are never going to kill the random hosts

    And i would reccomend dumping the Panicware pop-up stopper as this is a form of spyware in its own right

    My reccomendation the google toolbar which is free and has many uses including a pop-up stopper
    http://www.majorgeeks.com/download.php?det=4098
     
  16. Greyhound

    Greyhound Sergeant

    Good Call GLS, also with the pop-up-stopper. I used to run that too but now just the Google toolbar. I also think you should rerun and repost the HiJackThis again
     
  17. nakomis

    nakomis Private E-2

    re run

    Okay...I got rid of panic ware and deleted the 04 hklm which was suggested and re ran
    the hijack this. which I will put here.

    Logfile of HijackThis v1.97.7
    Scan saved at 12:32:08 PM, on 3/26/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell\AccessDirect\DadTray.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\America Online 8.0\aoltray.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Donna\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.enjoysearch.info/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.enjoysearch.info/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.enjoysearch.info/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.enjoysearch.info/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.enjoysearch.info/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.enjoysearch.info/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.enjoysearch.info/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enjoysearch.info/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.enjoysearch.info/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.enjoysearch.info/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.enjoysearch.info/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.enjoysearch.info/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.enjoysearch.info/search.html
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dell.com/
    O1 - Hosts: 198.65.164.171 ehttp.cc
    O1 - Hosts: 198.65.164.168 winlink.biz
    O1 - Hosts: 198.65.164.168 winlink.ws
    O1 - Hosts: 198.65.164.168 ad45.com
    O1 - Hosts: 198.65.164.168 www.ad45.com
    O1 - Hosts: 198.65.164.168 ad77.com
    O1 - Hosts: 198.65.164.168 www.ad77.com
    O1 - Hosts: 198.65.164.168 ad86.com
    O1 - Hosts: 198.65.164.168 www.ad86.com
    O1 - Hosts: 198.65.164.168 ad25.com
    O1 - Hosts: 198.65.164.168 www.ad25.com
    O1 - Hosts: 198.65.164.168 00hq.com
    O1 - Hosts: 198.65.164.168 www.00hq.com
    O1 - Hosts: 198.65.164.168 8ad.com
    O1 - Hosts: 198.65.164.168 www.8ad.com
    O1 - Hosts: 198.65.164.168 searchv.com
    O1 - Hosts: 198.65.164.168 www.searchv.com
    O1 - Hosts: 198.65.164.168 008k.com
    O1 - Hosts: 198.65.164.168 www.008k.com
    O1 - Hosts: 198.65.164.170 galleryspots.com
    O1 - Hosts: 198.65.164.170 www.galleryspots.com
    O1 - Hosts: 198.65.164.170 bigfreepics.com
    O1 - Hosts: 198.65.164.170 www.bigfreepics.com
    O1 - Hosts: 198.65.164.170 www.efinder.cc
    O1 - Hosts: 198.65.164.170 lop.com
    O1 - Hosts: 198.65.164.170 finder2003.com
    O1 - Hosts: 198.65.164.170 www.search-aid.com
    O1 - Hosts: 198.65.164.170 www.search2004.net
    O1 - Hosts: 198.65.164.170 www.hugesearch.net
    O1 - Hosts: 198.65.164.170 luckyfinder.com
    O1 - Hosts: 198.65.164.170 luckysearch.net
    O1 - Hosts: 198.65.164.170 kitasearch.com
    O1 - Hosts: 198.65.164.170 www.orbitexplorer.com
    O1 - Hosts: 198.65.164.170 www.sqwire.com
    O1 - Hosts: 198.65.164.170 www.traffichog.com
    O1 - Hosts: 198.65.164.170 allneedsearch.com
    O1 - Hosts: 198.65.164.170 www.yellow500.com
    O1 - Hosts: 198.65.164.170 www.008i.com
    O1 - Hosts: 198.65.164.170 www.opsex.com
    O1 - Hosts: 198.65.164.170 www.onlysex.ws
    O1 - Hosts: 198.65.164.170 www.7days.ws
    O1 - Hosts: 198.65.164.170 www.xsex.ws
    O1 - Hosts: 198.65.164.170 www.6o9.com
    O1 - Hosts: 198.65.164.170 search-company.com
    O1 - Hosts: 198.65.164.170 www.700k.com
    O1 - Hosts: 198.65.164.170 www.hotbookmark.com
    O1 - Hosts: 198.65.164.170 www.runsearch.com
    O1 - Hosts: 198.65.164.170 runsearch.com
    O1 - Hosts: 198.65.164.170 www.search-about.net
    O1 - Hosts: 198.65.164.170 go-all.com
    O1 - Hosts: 198.65.164.170 go-acct.com
    O1 - Hosts: 198.65.164.170 get-faster.com
    O1 - Hosts: 198.65.164.170 get-data.net
    O1 - Hosts: 198.65.164.170 get-certified.net
    O1 - Hosts: 198.65.164.170 get-access.com
    O1 - Hosts: 198.65.164.170 000info.com
    O1 - Hosts: 198.65.164.170 0-days.net
    O1 - Hosts: 198.65.164.170 0-2u.com
    O1 - Hosts: 198.65.164.170 0-29.com
    O1 - Hosts: 198.65.164.170 alfaporn.com
    O1 - Hosts: 198.65.164.170 i-lookup.com
    O1 - Hosts: 198.65.164.170 www.alfa-search.com
    O1 - Hosts: 198.65.164.170 www.dotcomtoolbar.com
    O1 - Hosts: 198.65.164.170 toteen.com
    O1 - Hosts: 198.65.164.170 www.find-itnow.com
    O1 - Hosts: 198.65.164.170 www.mixedporno.com
    O1 - Hosts: 198.65.164.170 eliteteensites.com
    O1 - Hosts: 198.65.164.170 newsexgate.com
    O1 - Hosts: 198.65.164.170 www.newsexgate.com
    O1 - Hosts: 198.65.164.170 uuporn.com
    O1 - Hosts: 198.65.164.170 www.uuporn.com
    O1 - Hosts: 198.65.164.170 hardcorevibe.com
    O1 - Hosts: 198.65.164.170 www.hardcorevibe.com
    O1 - Hosts: 198.65.164.170 overmix.com
    O1 - Hosts: 198.65.164.170 www.overmix.com
    O1 - Hosts: 198.65.164.170 theadultgate.com
    O1 - Hosts: 198.65.164.170 www.theadultgate.com
    O1 - Hosts: 198.65.164.170 hornygate.com
    O1 - Hosts: 198.65.164.170 www.hornygate.com
    O1 - Hosts: 198.65.164.170 sexxx-start.com
    O1 - Hosts: 198.65.164.170 www.sexxx-start.com
    O1 - Hosts: 198.65.164.170 logtoporn.com
    O1 - Hosts: 198.65.164.170 www.logtoporn.com
    O1 - Hosts: 198.65.164.170 3xpower.com
    O1 - Hosts: 198.65.164.170 www.3xpower.com
    O1 - Hosts: 198.65.164.170 start-search.com
    O1 - Hosts: 198.65.164.170 www.lookfor.cc
    O1 - Hosts: 198.65.164.170 www.hotsearchbox.com
    O1 - Hosts: 198.65.164.170 ie-search.com
    O1 - Hosts: 198.65.164.170 www.search-1.net
    O1 - Hosts: 198.65.164.170 swift-look.com
    O1 - Hosts: 198.65.164.170 www.swift-look.com
    O1 - Hosts: 198.65.164.170 www.search2525.com
    O1 - Hosts: 198.65.164.170 www.sureseeker.com
    O1 - Hosts: 198.65.164.170 www.searchmeup.com
    O1 - Hosts: 198.65.164.170 www.statblaster.com
    O1 - Hosts: 198.65.164.170 www.day4sex.com
    O1 - Hosts: 198.65.164.170 day4sex.com
    O1 - Hosts: 198.65.164.170 www.seek-porn.com
    O1 - Hosts: 198.65.164.170 seek-porn.com
    O1 - Hosts: 198.65.164.170 freexxxplace.com
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [xvwiz32] C:\WINDOWS\system32\xvwizard32.hta
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4336/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{15065DEE-61E2-4FCC-BDA2-34AB7BFD8AD7}: NameServer = 12.102.240.2 204.127.160.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{15065DEE-61E2-4FCC-BDA2-34AB7BFD8AD7}: NameServer = 12.102.240.2 204.127.160.1



     
  18. General_Lee_Stoned

    General_Lee_Stoned BuZZed Lightyear

    hi well you need to run Hijack this close all other windows,then check the boxes next to each entry with this in it
    http://www.enjoysearch.info/search.html
    and these
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    and check the boxes for all the 01 hosts
    and this
    O4 - HKLM\..\Run: [xvwiz32] C:\WINDOWS\system32\xvwizard32.hta

    select fix to clean these items, then reboot into safe mode (keep pressing F8 when you start your machine before windows loads) and delete this file C:\WINDOWS\system32\xvwizard32.hta

    You will need to show hidden files to find it, open a normal explorer window--select the tools tab---folder options---view--then look for the show hidden files option check the box to show--apply and ok
    You may want to change this back when your finished
     
  19. johnsr

    johnsr Private E-2

    General, Unless I've missed something, I think you've got product names mixed up. Panicwares PopUpStopper is one of the most respected programs of it's ilk. Recomended by Spywareinfo and many other prominent sites. IMHO, it's the best, and I have used it for years (I don't work for them).
    If you have information that says otherwise, would you please post it. This is not intended as a flame, I am just curious.
     
  20. General_Lee_Stoned

    General_Lee_Stoned BuZZed Lightyear

    something for your curiousity ;)

    http://pestpatrol.com/pestinfo/p/panicware_popup_stopper.asp
     
  21. NonSuch

    NonSuch Private E-2

    Nakomis,

    Follow Major Attitude's original advice and download CWShredder. Your system has indeed been attacked by CoolWebSearch and that needs to be addressed.

    After you run CWShredder and fix everything it recommends, then you can re-scan with HijackThis and post your new log.
     
  22. johnsr

    johnsr Private E-2

    General,
    Sorry, but after going to that page and clicking on EVERY link on it, I see nothing showing anything that points to, or attempts to, show that Pop up stopper contains spyware.
     
  23. radiot

    radiot Private First Class

    I continue to be very impressed with the support offered by folks on this bulletin board. It is impressive, and shows a neighborlyness not seen much in my neighborhood.

    I commend you all.:cool:

    D
     
  24. General_Lee_Stoned

    General_Lee_Stoned BuZZed Lightyear

    Well John as Star has pointed out this program contains Adware, and therefore is considered a pest, maybe my fault for bundling everything under the general tab of spyware

    However i dont want to tell you how to live your life, so if your happy with the program please continue to use it
    I only made the reccomendation for Nakomis and offered what myself and many others consider a better option in the Google Toolbar
    You have your opinion, i have mine and life still goes on :)
     
  25. omigosh

    omigosh Private E-2

    Re: Google Toolbar

    :D
    Hey General,
    I like your style; v cool and adult.
    I can also recommend the Google Toolbar for its popup blocker, but it has a number of other useful features too which I like--such as the highlight of search terms, for one. I often look up academic papers on the web, and to be able to find specific references at the click on this toggle enables me to get through lenghty documents in a whiz.
    Cheers, Omigosh. [​IMG]
     
  26. nakomis

    nakomis Private E-2

    Yikes!

    Okay....although going into safe mode is rreeeaaalllyyyy creepy...I'll give it a shot.
    Will try to get it done this afternoon.
    Thanks so much for your help.
    Donna



     
  27. nakomis

    nakomis Private E-2

    Creep show

    Well..I went into safe mode, but I have another question..there are two users on this
    machine. When it booted up it came up with me and administrator, not me and Frank
    the other user. So I went in as administrator. I believe I did what you asked correctly,
    but when I left safe mode and let it come back up I went in as Frank and in the hijack
    this for him all the enjoysearch junk was still there, but he didn't have any of the vbhosts
    nor did he have the c:\windows\system32\xvwizard32.hta
    He did have a file string similar except after the c\windows\ it listed my documents and
    settings\his name and than the xvwizard32.hta. I didn't delete that since I didn't really
    know what it is. If you want to see the whole file string I can get or if you want to see
    his hijackthis I can post it. I am confused about the safe mode thing though. Does
    it work for all the users on this machine? Should I have gone in as Donna and not
    administrator?
    I did delete all the enjoysearch junk on HIS hijack this, but as I said Ieft the rest alone.
    Donna




     
  28. nakomis

    nakomis Private E-2

    More info

    Since I was still here....here is Frank's latest hijack this--after I deleted the enjoysearch stuff.Towards the bottom is that file string I mentioned earlier..


    Logfile of HijackThis v1.97.7
    Scan saved at 2:58:48 PM, on 3/27/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Dell\AccessDirect\DadTray.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\America Online 8.0\aoltray.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Frank\Local Settings\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = "C:\Program Files\Outlook Express\msimn.exe"
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.sharempeg.com/find/
    R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.sharempeg.com/find/
    O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [xvwiz32] C:\Documents and Settings\Frank\My Documents\xvwizard32.hta
    O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4344/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{15065DEE-61E2-4FCC-BDA2-34AB7BFD8AD7}: NameServer = 12.102.240.2 204.127.160.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{15065DEE-61E2-4FCC-BDA2-34AB7BFD8AD7}: NameServer = 12.102.240.2 204.127.160.1




     
  29. johnsr

    johnsr Private E-2

    Star,
    That page, published by a competive business, seems to make a statement without giving any proof or referral to a page offering such proof.
    I am following this up because a statement was made, that if it could be shown to be true, would allow me to remove a piece of scumware from my system. However, I have not been able to find any information anywhere to confirm this.
     
  30. johnsr

    johnsr Private E-2

    General,
    I am not trying to vilify you. If it could be shown to be true, I would remove it instantly. I just want to see a confirmation from somewhere other than a competitors Website.
    Your contributions here to posters seeking help have always, for the most part, been appreciated, so I hope you understand that I am only trying to find an answer, and in no way trying to insult you.
     
  31. General_Lee_Stoned

    General_Lee_Stoned BuZZed Lightyear

    @Nakomis when you go into safe mode as long as you sign in as an admin account you can delete any files on your machine
    And speaking of which yes you need to delete this
    C:\Documents and Settings\Frank\My Documents\xvwizard32.hta


    @Johnsr i think Xflat has covered some good points, and to be honest im getting a little bored of it
    As i said earlier you have your opinion i have mine and funnily enough i slept very well last night...go figure :)
     
  32. Greyhound

    Greyhound Sergeant

    GLS, looks like you are not going to change his mind, no matter what you say. :rolleyes: Some people like to keep a little debate going on. Anyway, I am with you, use google tool bar, and not in the advanced install, and it will do all it was meant to do. What is also good about google is, it won't block those popups that are very important to you and your system. Keep up the good work GLS. :)
     
    1 person likes this.
  33. jujet84

    jujet84 Master Sergeant

    Notice you have
    C:\Program Files\America Online 8.0\aoltray.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

    no wonder you got a probelumm's My advice with AOL get rid of it nothing but grief
    Ah Mcafee referr to McAfee as a virus,hard to get rid of. but can be done :cool:
     
  34. nakomis

    nakomis Private E-2

    Isp

    I don't use AOL as my ISP. It's just here. Are you saying I should delete my
    Mcafee?


     
  35. nakomis

    nakomis Private E-2

    Safe mode

    Copy that.
    I'll go do that now
    Thanks
    Donna


     
  36. jujet84

    jujet84 Master Sergeant

    Did you purchase macfee or was it previously installed
     
  37. nakomis

    nakomis Private E-2

    Mcafee

    I've been a paid Mcafee subscriber for a number of years. It was already installed
    on the laptop when I bought it. All I did was "register", as it were this computer since
    I was changing from my old desk top to this new laptop.




     
  38. nakomis

    nakomis Private E-2

    Zone alarm/firewall

    GL-Sir-I believe we're making headway on this problem. I'm not currently at home to
    verify anything, but it's looking better. Once I get this THING totally out of my computer-
    would a firewall/zone alarm pick up something like this so I don't have to go through
    this again? Thanks
    Donna




     
  39. General_Lee_Stoned

    General_Lee_Stoned BuZZed Lightyear

    Hi Nakomis
    glad your looking a lot better there now
    Yes i recommend using a firewall, and the free one from Zone Alarm is very good and easy to use
    Just install and dont be worried if it shows a lot of alerts 99% of these are just general internet traffic, all you need to do is allow any programs you want to allow access to the internet and block all you dont this is done by little pop-up windows with checkboxes
    http://www.majorgeeks.com/download388.html

    I would also recommend installing Spyware blaster this stops spyware installing itself in the first place. Its also free :)
    http://www.majorgeeks.com/download2859.html
     
  40. nakomis

    nakomis Private E-2

    quick question

    Copy that on the zone alarm--is Spyware blaster different from spybot? Also--
    did you happen to glance at the hijack this log file I posted from my partner Frank?
    Was there anything else in there besides that xvwizard32 you told me to delete
    I should get rid of? He told me when he logged into the computer this morning
    the enjoysearch was still is home page so I'm wondering if I missed something.
    Donna





     
  41. Ginanatl

    Ginanatl Specialist

    Donna,
    I would rather someone else answer on the "hijack this" file (perhaps one of the members that helped you earlier as I know nothing about "hijack this" log files) but yes, Spyware Blaster is different from Spybot Search & Destroy. On my version of Spybot, however, Spyware Blaster is recommended on the page of the program under "Immunize." Excellent app, too!

    Gina
    :)
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds