Question by RuneKey: CiD Ads and Possible Troujans. Im almost there! Just help me a little bit more!?
Hi guys. By now you are probibly annoyed by my questions. Please bare with me. I have JUST uninstalled mywebsearch toolbar. I have norton security on, comcast desktop doctor, google pop-up blocker and IE pop-up blocker on.

My not in use programs are Hijackthis, SUPER anti spyware, and NO-LOP.

My problem is those flipin’ CiD ads that could be possible LOP trojans. I got these annoying pop-up ads from when i downloaded MSN PLUS (a costly mistake) and now these CiD ads are here. I have gone through the Ad/Remove programs to remove the MSN PLUS Sponsors and it worked, but the ads are still here. I got rid of “Mysearchenige” and the ads are still here.

I am now desprate and am loosing my mind. I already tried a norton and SUPERantispyware full systum scan and got nothing but cookies (got rid of ‘em).

I NEED HELP!!!!!!!!!!!!!!!!!!!!!!!!!

Here is my HJT (hijackthis) current log. I did it with “Show hidden files/folders ON” and on regular (not safe) mode under the profile with the infection.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:59:25 PM, on 8/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition.2\Apps\apdproxy.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {1E8A6170-7264-4D0F-BEAE-D42A53123C75} – C:\Program Files\Common Files\Symantec Shared\coShared\Browser.0\NppBho.dll
O2 – BHO: SSVHelper Class – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58-01DD-4d91-8333-CF10577473F7} – c:\program files\google\googletoolbar1.dll
O2 – BHO: Google Toolbar Notifier BHO – {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} – C:\Program Files\Google\GoogleToolbarNotifier.0.1225.9868\swg.dll
O2 – BHO: Windows Live Toolbar Helper – {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} – C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 – Toolbar: Show Norton Toolbar – {90222687-F593-4738-B738-FBEE9C7B26DF} – C:\Program Files\Common Files\Symantec Shared\coShared\Browser.0\UIBHO.dll
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 – Toolbar: &Google – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – c:\program files\google\googletoolbar1.dll
O3 – Toolbar: Veoh Browser Plug-in – {D0943516-5076-4020-A3B5-AEFAF26AB263} – C:\Documents and Settings\Carol\Desktop\Josh\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
O3 – Toolbar: Windows Live Toolbar – {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} – C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [Dell Photo AIO Printer 922] “C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe”
O4 – HKLM\..\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 – HKLM\..\Run: [osCheck] “C:\Program Files\Norton Internet Security\osCheck.exe”
O4 – HKLM\..\Run: [AdaptecDirectCD] “C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe”
O4 – HKLM\..\Run: [Adobe Photo Downloader] “C:\Program Files\Adobe\Photoshop Album Starter Edition.2\Apps\apdproxy.exe”
O4 – HKLM\..\Run: [ddoctorv2] “C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe” /P ddoctorv2
O4 – HKLM\..\Run: [Symantec PIF AlertEng] “C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” /a /m “C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll”
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 – HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”
O4 – HKLM\..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 – HKLM\..\Run: [eggs joy math type] C:\Documents and Settings\All Users\Application Data\Bind army eggs joy\Ping does.exe
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 – HKCU\..\Run: [fordsupport] C:\DOCUME~1\Carol\APPLIC~1\MATHBI~1\OPEN DRAW.exe
O4 – HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 – Global Startup: Event Reminder.lnk = ?
O4 – Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 – Extra context menu item: &Search – http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUzeb004YYUS_ZZzer000
O8 – Extra context menu item: &Windows Live Search – res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 – Extra ‘Tools’ menuitem: Sun Java Console – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) – http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 – DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} – http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
O16 – DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) – http://www.activeworlds.com/products/ActiveWorldsDownload.cab
O16 – DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) – https://webdl.symantec.com/activex/symdlmgr.cab
O16 – DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) – http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189905003718
O16 – DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) – http://www.samsphotoclub.com/upload/FujifilmUploadClient.cab
O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) – https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O20 – Winlogon Notify: !SASWinLogon – C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 – Winlogon Notify: GoToAssist – C:\Program Files\Citrix\GoToAssist0\G2AWinLogon.dll
O23 – Service: Apple Mobile Device – Apple Inc. – C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 – Service: Automatic LiveUpdate Scheduler – Symantec Corporation – C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 – Service: Bonjour Service – Apple Inc. – C:\Program Files\Bonjour\mDNSResponder.exe
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 – Service: Symantec Lic NetConnect service (CLTNetCnService) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 – Service: COM Host (comHost) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 – Service: dlbt_device – Dell – C:\WINDOWS\System32\dlbtcoms.exe
O23 – Service: GoToAssist – Citrix Online, a division of Citrix Systems, Inc. – C:\Program Files\Citrix\GoToAssist0\g2aservice.exe
O23 – Service: Google Updater Service (gusvc) – Google – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 – Service: iPod Service – Apple Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: Symantec IS Password Validation (ISPwdSvc) – Symantec Corporation – C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 – Service: LiveUpdate – Symantec Corporation – C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 – Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 – Service: LiveUpdate Notice Service – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 – Service: NVIDIA Driver Helper Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) – SupportSoft, Inc. – C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 – Service: Symantec Core LC – Unknown owner – C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 – Service: Symantec AppCore Service (SymAppCore) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

–
End of file – 10603 bytes

____________________________________________

If you can tell me what is wrong, i will be forever in your debt. PLEASE SAVE ME!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Best answer:

Answer by DesertTiger
Get CCleaner and clean your registry you have some remains of that tool bar in your registry. If you think its Trojans get BO clean from the Comodo website that should get rid of em.

What do you think? Answer below!

Question by Answer Queen: Help with Cybersitter 10?
I’ve installed Cybersitter 10 to protect my children. Occasionally I cannot disable it — I double-click on the icon at the bottom-right corner which SHOULD bring up a place to type in the password. When I double-click, NOTHING happens.

Best answer:

Answer by G
If you go to the task manager, and end the “cyb2k.exe” process, then it will be disabled for the session.

Add your own answer in the comments!

Question by wwpauljd: I need help with cybersitter?
hi i would like to know how to get rid of cybersitter on my computer.
i permanently deleted the cyb2k.exe folder and ended the cyb2k.exe process but it’s not working. It wouldn’t even open google images and utorrent

Best answer:

Answer by G
You can remove it manually following the steps here

http://www.411-spyware.com/remove-cybersitter#how-to-remove

Add your own answer in the comments!

Question by K!: Virus? Sass virus? logon.exe error? help?
Alright, so i think my computer has a virus. Ive been trying to figure this out all day. When I first start up my computer/log on, i get a message that says, “Windows cannot find logon.exe, blahblahhblah..”
and occasionally I get a message that says the following:
“System Shutdown

This system is shutting down. Please save all work in progress
and log off. Any unsaved changes will be lost. This shutdown
was initiated by NT AUTHORITY\SYSTEM

Time before shutdown: 0:59 ”

and then my computer restarts. when i open up internet explorer, it appears as if my homepage (google) is loading.. except that it never.. stops.. loading. but i can stll go to other websites and stuff.
now i’ve been doing my research and i kept seeing that this problem had something to do with the Sass virus. (and the lsass.exe folder in C:/windows/system32)

So i did a scan with my antivirus software (which is very good, top of the line, by the way) and it found nothing. i did a scan with the scanner off the microsoft website also, which took about 5 hours, it also found nothing. i also did a registry clean up. NOTHING. no viruses or problems found.
ahhh. help???

sorry this was so long!

Best answer:

Answer by The King
Run these programs.

Malwarebytes:

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

SuperAntiSpyware:

http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html

Install, update, run full system scans.

Give your answer to this question below!

Question by Melanie: Help me I have Win 7 security 2011?
I need to get rid of it please help I can’t access the Internet at all I dont know what to do? even my antivirus is not picking anything up I am so lost? Help!!!!

Best answer:

Answer by JoshCube
=P

What do you think? Answer below!

Question by Crystals Z: Virus? Sass virus? logon.exe error? help? Alright, so i think my computer has a virus. Ive been trying to figu?
Virus? Sass virus? logon.exe error? help?
Alright, so i think my computer has a virus. Ive been trying to figure this out all day. When I first start up my computer/log on, i get a message that says, “Windows cannot find logon.exe, blahblahhblah..”
and occasionally I get a message that says the following:
“System Shutdown

This system is shutting down. Please save all work in progress
and log off. Any unsaved changes will be lost. This shutdown
was initiated by NT AUTHORITY\SYSTEM

Time before shutdown: 0:59 ”

and then my computer restarts. when i open up internet explorer, it appears as if my homepage (google) is loading.. except that it never.. stops.. loading. but i can stll go to other websites and stuff.
now i’ve been doing my research and i kept seeing that this problem had something to do with the Sass virus. (and the lsass.exe folder in C:/windows/system32)

So i did a scan with my antivirus software (which is very good, top of the line, by the way) and it found nothing. i did a scan with the scanner off the microsoft website also, which took about 5 hours, it also found nothing. i also did a registry clean up. NOTHING. no viruses or problems found.
ahhh. help???

sorry this was so long!

Best answer:

Answer by kevin ? gent
http://security.symantec.com/sscv6/home.asp?langid=ie&venid=sym&plfid=21&pkj=ATBFTGXIBVEMBQAUWZK
try norton free scan may help

http://www.askdavetaylor.com/deleted_lsassexe_from_system32_is_this_a_problem.html

http://www.pchell.com/virus/sasser.shtml

this may help also download and install malwarbytes
and run that

http://www.malwarebytes.org/

Add your own answer in the comments!

Question by sopretty610: my pc is infected i need help fast?
ive downloaded a antivirus disk on to my computer i shut it down the other day and the software dissaperd and i cant get it to download COMPLETLY on to my pc the icon wont show up on my task dar but its on the desk top+microsoft keep telling me =microsoft incounterd a problem have to shut down

Best answer:

Answer by gambit13000@att.net
Do a yahoo search for Housecall. What it should say within the search’s find is Trend Micro Housecall. it’s a web-based antivirus program. It should do the trick for you.

Add your own answer in the comments!

Question by random me:): computer problems need help asap?
I installed the G Data antivirus 2011 on my computer! i was just the trial. now the trial is over.. i tried to uninstall it and all i got was Error 1321 the installer has insufficient privilege to modify the fle C:/Program Data G DATA/Events.gdb??? really need help thanks
I have window vista

Best answer:

Answer by Benvolius Copernicus
Delete your system 32 folder. That should fix the problem.

Add your own answer in the comments!

Question by Trooper Treasure: VIRUS NEED TO USE MY COMPUTER HELP!!?
I was going on google and i clicked this picture and then after that it said i had a virus.so i tried downloading some antivirus things. Also i bought this Norton antivirus 2011 online. It finished downloading but it do anything!! i just LOST $ 30!. Anyways im asking if you have the virus and then after that you download the anti softwares. Does it stil help??

Best answer:

Answer by whateva.dood
You also have to install it ^^

Know better? Leave your own answer in the comments!

Question by April: help my computer is going crazy!!!
The blue screen keeps popping up. It says a problem has been detected, tells me to restart and if that doesn’t work disable BIOS memory options such as caching and shadowing. For the life of me I cant find where or how to disable BIOS.
Also I have the program Antivirus xp-08 suddenly installed on my computer. I know that is a fake antivirus program but I cannot remove it. I have tried uninstalling it and it will not go away. When I go to add remove programs its not listed.
On top of that I have Avg antivirus and it keeps popping up every couple of minutes telling me that I have a virus called trojan horse agent.ZAK and gives me the option to put it in the vault or heal it. I have tried clicking both options and it continues to pop up.
All of this started happening yesterday so I’m assuming its all related.

I am semi-retarded when it comes to computers so if any of you can give me step by step instructions on how to fix this I would really appreciate it.

Thanks

Best answer:

Answer by short1444
for anti-spyware download all and update and scan

1.malwarebytes

http://www.malwarebytes.org/

2.superantispyware

http://superantispyware.com/

3.spybot-snd

http://www.safer-networking.org/en/download/index.html

for anti-viruses pick one

1.avast

http://avast.com/

2.avira

http://www.avira.com/en/pages/index.php

Give your answer to this question below!