Author Topic: CWS.HiddenDll  (Read 6595 times)

Offline Dee

  • Newbie
  • *
  • Posts: 26
  • Karma: +0/-0
CWS.HiddenDll
« Reply #20 on: December 03, 2004, 08:30:37 PM »
Here is what was found


*    DLLCompare Log version()
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

C:\WINDOWS\SYSTEM32\wink.dll       Sat May 15 2004   7:35:54p  A...R         57,344    56.00 K
________________________________________________

1,378 items found:  1,378 files, 0 directories.
Total of file sizes:  290,870,873 bytes    277.39 M

Administrator Account =  True

--------------------End log---------------------

-Dee

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
« Reply #21 on: December 03, 2004, 08:34:26 PM »
Good work Dee, as you can see the hidden installer is wink.dll
You won't be able to view it as it's hidden right now
So what the other user posted about dpe.dll at 33kb in size is not correct

The newer version is usually always 56kb in size and randomly named
The older version is about 24 kb in size
Just give me a bit and I'll post a fix, I want to check a couple entries in your log :D

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline guestolo

« Reply #22 on: December 03, 2004, 09:02:59 PM »
Let's try this Dee, we should clean off a bit of this mess
We should use the Symantec uninstaller for some of this but I need you to download a few tools

Download and save to desktop this Removal Tool developed by Symantec

Don't run it yet

Also
Download and Install the free version of Ad-Aware SE Personal 1.05
This is a great free program, hang onto this
Ensure you have this version or later
If you don't have this version, uninstall yours and install this one
After installation-CHECK FOR UPDATES now!
Download all updates
Don't run a scan yet


Let's try some fixes
You may want to print this out, please disconnect completely from the Internet, close all browser windows, if you don't have a printer save these instructions to a Notepad file on your desktop
The below will take a few Restarts of your computer to finish

Double-click the FxAgentB removal tool by Symantec  to run it.
The program will scan your entire hard drive - this may take a while. When it is done, it will generate a log file called FxAgentB.log - save that information as you will need to paste it here later.
RESTART your computer when Done

==Double click to Run CWShredder, Let it FIX all problems
RESTART your computer again

==Open Ad-Aware, Make sure you checked for updates. Do a Full System Scan with Ad-Aware
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All Objects" option or individually put a checkmark in each objects checkbox
click on the "Next" button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. If you would like to do so, press the "OK" button
RESTART your computer to finish the cleaning process

Once back in Windows
Set Windows To show Hidden Files and folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

Do another scan with Hijackthis and put a check beside any of these entries if they still exist

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure

O2 - BHO: ICOODownloadManager Class - {BA7270AE-5636-4618-BAF3-F86ADA39F036} - C:\Program Files\ICOO Loader\addons4\icoourl.dll

O2 - BHO: ICOOExternalHandler Class - {ED657BAF-1EE5-4A07-9D2E-6D0525EFC69B} - C:\Program Files\ICOO Loader\addons4\icoourlext.dll

O4 - HKLM\..\Run: [Remndr] "C:\Program Files\CasinoOnline\CsRemnd.exe"

O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\System32\pc32.exe bg

O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - (no file)
O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} - http://download.sidestep.com/get/k42033/sb028.cab


After you have ticked the above entries, close out ALL other open Windows
Leave Hijackthis open and click FIX CHECKED
Yes to the Prompt and exit hijackthis
Restart your computer in SAFE MODE

Find and delete these files or folders if they exist
C:\WINDOWS\System32\pc32.exe <--file, this is a trojan

C:\Program Files\CasinoOnline <--folder
C:\Program Files\ICOO Loader <--folder

===Do a DiskCleanup>>START----Run---type in cleanmgr
Ensure that Temp and Temporary Internet Files are checked

Restart back into Normal Mode

Access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content---Also Reset home page

Post back a fresh hijackthis log
Could you also run another scan with DLLCompare and post the log
Also post the FxAgentB.log

This gives you a little work to do, but it actually doesn't take that long

Then if you would like we should deal with some of your startup entries
A few are unnecessary
We'll deal with them later
A couple programs you installed are questionable, again we'll deal with them later
Let's get your log clean first



Offline Dee

« Reply #23 on: December 03, 2004, 09:18:45 PM »
Thought I should let you know - I'm still here -

I'm just having trouble downloading the Adware software

Hang in there with me - Thanks so much for all your help

-Dee :rolleyes:

Offline guestolo

« Reply #24 on: December 03, 2004, 09:23:05 PM »
No problem Dee, I'll keep checking in
If you have trouble with that link, try at another
http://www.lavasoftusa.com/support/download/

P.S. I'm not going to rush you, I want to make sure you can properly finish everything I recommended ;)
« Last Edit: December 03, 2004, 09:23:48 PM by guestolo »



Offline Dee

« Reply #25 on: December 03, 2004, 10:33:50 PM »
I'm finally back -

here is the HJT log:

Logfile of HijackThis v1.98.2
Scan saved at 9:41:02 PM, on 12/3/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipAlbum 5 Pro\FpLaunch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedat...ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedat.../ActiveData.cab
O16 - DPF: {FAF76D4D-6525-443F-8C27-EA8898DDD745} - http://www.candid.com/ccsftp/default.cab



Now for the FxAgentB.log:

Symantec Backdoor.Agent.B Removal Tool 1.0.1.2

process: winlogon.exe, thread: 00000268 (terminated)
process: services.exe, thread: 000002C0 (terminated)
process: lsass.exe, thread: 000002BC (terminated)
process: svchost.exe, thread: 00000368 (terminated)
process: svchost.exe, thread: 000003B8 (terminated)
process: svchost.exe, thread: 0000043C (terminated)
process: svchost.exe, thread: 000004D4 (terminated)
process: svchost.exe, thread: 00000514 (terminated)
process: CCSETMGR.EXE, thread: 0000062C (terminated)
process: SNDSrvc.exe, thread: 00000640 (terminated)
process: CCEVTMGR.EXE, thread: 00000674 (terminated)
process: spoolsv.exe, thread: 00000760 (terminated)
process: CCPROXY.EXE, thread: 000007DC (terminated)
process: KodakCCS.exe, thread: 000000C0 (terminated)
process: NAVAPSVC.EXE, thread: 00000108 (terminated)
process: NPROTECT.EXE, thread: 000001CC (terminated)
process: nvsvc32.exe, thread: 00000070 (terminated)
process: SAVScan.exe, thread: 000002D4 (terminated)
process: ScsiAccess.EXE, thread: 000003E4 (terminated)
process: symlcsvc.exe, thread: 00000490 (terminated)
process: wdfmgr.exe, thread: 000004E4 (terminated)
process: SymWSC.exe, thread: 00000560 (terminated)
process: alg.exe, thread: 000006B4 (terminated)
process: explorer.exe, thread: 000009C0 (terminated)
process: CCAPP.EXE, thread: 00000A74 (terminated)
process: WkUFind.exe, thread: 00000AA8 (terminated)
process: realsched.exe, thread: 00000B18 (terminated)
process: jusched.exe, thread: 00000B48 (terminated)
process: qttask.exe, thread: 00000B78 (terminated)
process: iTunesHelper.exe, thread: 00000BB0 (terminated)
process: Directcd.exe, thread: 00000BC0 (terminated)
process: msmsgs.exe, thread: 00000BC8 (terminated)
process: AcroTray.exe, thread: 00000C2C (terminated)
process: iPodService.exe, thread: 00000CCC (terminated)
process: EasyShare.exe, thread: 00000D58 (terminated)
process: WkCalRem.exe, thread: 00000D94 (terminated)
process: QWDLLS.EXE, thread: 00000E10 (terminated)
process: SpySub.exe, thread: 00000DE8 (terminated)
process: Ad-Aware.exe, thread: 00000384 (terminated)
process: msiexec.exe, thread: 0000037C (terminated)
process: wordpad.exe, thread: 00000E20 (terminated)
process: FxAgentB.exe, thread: 000009F8 (terminated)

registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: AppInit_DLLs (value set to "")

C:\Documents and Settings\David: (not scanned)
C:\System Volume Information: (not scanned)
C:\WINDOWS\system32\wink.dll: (will be deleted on next reboot)

The Backdoor.Agent.B removal was successful.
The system will delete 1 Backdoor.Agent.B files from your PC on next reboot.

Here is the report:

1 file(s) could not be deleted.
They will be deleted on next reboot.

The total number of the scanned files: 76528
The number of deleted files: 0
The number of viral processes terminated: 0
The number of viral threads terminated: 42
The number of registry entries fixed: 1

The tool initiated a system reboot.

I'm still working on the DLLCompare log

-Dee
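
Added example (not part of the original thread, and not HijackThis's own code): a small Python triage pass over a HijackThis log like the one posted above. It flags entries the log marks "(file missing)" or "(no file)", startup shortcuts whose target shows as "?", and entries matching a watch list; the WATCH list, the flag names and the sample selection are assumptions made for this example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied from the HijackThis log and fix list in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k
O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\System32\pc32.exe bg
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - (no file)
"""

# Assumption: analyst-supplied substrings, taken from items the helper asked to fix or remove.
WATCH = ("acceleration software", "backweb", "pc32.exe", "casinoonline", "icoo loader")

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$")
O4_RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\\w+: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O4_LNK_RE = re.compile(r"^(?:Global )?Startup: (?P<name>.+?\.lnk) = (?P<cmd>.+)$")


@dataclass
class Entry:
    code: str                      # section code, e.g. "O4"
    body: str                      # everything after "CODE - "
    name: Optional[str] = None
    target: Optional[str] = None   # file, command line, URL or registry data
    clsid: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def parse_entry(line, watch=WATCH):
    """Parse one log line; return None for headers, process paths and blanks."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    e = Entry(code=m.group("code"), body=m.group("body"))
    cleaned = e.body
    if MISSING_RE.search(cleaned):
        e.flags.append("missing-target")
        # Drop the marker and any dangling " -" separator it leaves behind.
        cleaned = MISSING_RE.sub("", cleaned).rstrip(" -")
    found = CLSID_RE.search(cleaned)
    e.clsid = found.group(0) if found else None

    if e.code == "O4":                       # autostart entries
        o4 = O4_RUN_RE.match(cleaned) or O4_LNK_RE.match(cleaned)
        if o4:
            e.name, e.target = o4.group("name"), o4.group("cmd")
    elif e.code[0] in "RF":                  # "key,value = data" style lines
        left, sep, right = cleaned.rpartition(" = ")
        if sep:
            e.name, e.target = left, right
    else:                                    # "label - {CLSID} - path" style lines
        parts = [p for p in cleaned.split(" - ") if not CLSID_RE.fullmatch(p)]
        e.name = parts[0] if parts else None
        e.target = parts[-1] if len(parts) > 1 else None

    if e.target == "?":                      # the log shows "?" instead of a target
        e.flags.append("unresolved-target")
    lowered = e.body.lower()
    e.flags.extend("watch:" + term for term in watch if term in lowered)
    return e


def parse_log(text, watch=WATCH):
    """Return every recognised entry in the log, in order."""
    parsed = (parse_entry(line, watch) for line in text.splitlines())
    return [e for e in parsed if e is not None]


if __name__ == "__main__":
    for entry in parse_log(SAMPLE_LOG):
        if entry.flags:
            print(entry.code, ",".join(entry.flags), "|", entry.name, "->", entry.target)
```
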

Offline Dee

« Reply #26 on: December 03, 2004, 10:37:28 PM »
Ok - I now have that DLLCompare Log:

*    DLLCompare Log version()
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

O^E says: "There were no files found :)"
________________________________________________

1,377 items found:  1,377 files, 0 directories.
Total of file sizes:  290,813,529 bytes    277.34 M

Administrator Account =  True

--------------------End log---------------------


Looks as if all may be well.............

-Dee

Offline guestolo

« Reply #27 on: December 03, 2004, 10:53:23 PM »
Looks good Dee, just some startup entries if you want to control them on startup

But first if everything seems to be running well you should Clean out your System Restore Points
You don't want to Restore any Nasties
This will remove all your restore points and make a fresh one
Simply Disable System Restore---Restart your computer and then Enable System Restore
Here's a link if you need it that will explain
http://vil.nai.com/vil/SystemHelpDocs/Disa...eSysRestore.htm

You have a couple programs on your computer
This entry in your log
O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k

I would uninstall StopSign, if you're not using any other Software from Acceleration Software
Fix that entry with Hijackthis and Restart your computer
Delete the C:\Program Files\Acceleration Software folder

This entry
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
I've never used SpySubtract, are you using the Trial Version?
If you don't need the paid version I would uninstall it
Hold onto Ad-Aware and Spybot 1.3
Make sure you are using this version of Spybot
Together they will do a Great job

You should install this program to help tighten up your security

SpywareBlaster by JavaCool---will block bad ActiveX and malevolent cookies
Install---Check for Updates---Enable all protection
http://www.javacoolsoftware.com/spywareblaster.html
Doesn't run in the background, Just install and run once
Check for updates every couple of weeks---Enable all protection after every update

Spybot has the Immunization feature---Click Immunize>>OK>>Immunize at the top

This entry
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
Shows file missing at the end of it which may indicate you are having trouble with
Norton's, are you?

Post back and let me know about the above if you don't mind

You also have other entries that you don't need running on startup, if you would like links to suggestions for disabling on startup and the link to that Startup application
let me know
It's a small download

I would definitely disable Kodak's backweb, it's as good as Spyware
Phones home unknowingly
« Last Edit: December 03, 2004, 10:54:42 PM by guestolo »



Offline Dee

« Reply #28 on: December 03, 2004, 11:06:04 PM »
Ok -

I'm not totally finished yet but have a quick question.

Do I do everything that you mentioned before I re-enable the Restore Utility?

And as for your question regarding SpySubtract - it is a trial version - which I don't care for at all.

I was having trouble for some time with Norton's -- But I believe it is fixed - the firewall and the anti-virus software hasn't been giving me any trouble this week.

-Dee

Offline Dee

« Reply #29 on: December 03, 2004, 11:09:34 PM »
I take that back - I am having trouble with the firewall

It's telling me that the Intrusion Detection is off and I can't seem to get it on.
The error it gives me is:  Failed to save setting.  Please verify that your Windows account is not restricted.


Dee

Offline guestolo

« Reply #30 on: December 03, 2004, 11:28:58 PM »
I figured that entry indicated you were having troubles with Norton's
I saw it in your first log
I would disable System restore now and then restart your computer and then make sure you Re-enable it after restart

Your best bet would be to Uninstall Norton's and Reinstall,
Shut it down in your task manager first
I'm not sure what version of Norton's you're running but I would check their website
if you have trouble uninstalling or reinstalling
Here's a link
I'm taking a chance that this is your version
If for some reason your version is out of date or no longer supported, I have links to  a free Anti-Virus software that works really well
Norton's 2004

Here's some info on Acceleration Software
http://www.spywarewarrior.com/rogue_anti-s...htm#trustworthy
Scroll down to Note on eAcceleration Stop-Sign

Do the above, make sure that if you go the route of totally uninstalling Norton's
and reinstalling
Use Live Update to check for All updates, including program update. This is very important to work properly with XP's Service Pack 2

Why don't you do the above and post back a fresh hijackthis log and then we can disable some of those unnecessary startup entries if you would like



Offline Dee

« Reply #31 on: December 03, 2004, 11:30:00 PM »
OK - did everything you mentioned-

Still willing to help me disable startups with that small download?

And I still don't know why my Firewall is giving me trouble - but I haven't tried to figure it out on my own either.

-Dee

Offline Dee

« Reply #32 on: December 03, 2004, 11:32:05 PM »
Disregard that line about the Firewall- you are too fast for me - I had no idea you were all over it already

:lol:

Offline Dee

« Reply #33 on: December 03, 2004, 11:34:47 PM »
I forgot about that system restore thing.

I went ahead and did everything you mentioned - deleted programs, downloaded others.

Shoot.....did I cause any problems?

I'm going to hold tight before I do anything else.

So at this time it is still disabled

-Dee

Offline Dee

« Reply #34 on: December 03, 2004, 11:45:36 PM »
I don't have a disc to reinstall the Firewall -

I purchased it online in June - I have a print out with the Activation Key - yet I have no idea (without some research) how to reinstall it from the net.

I believe I only had 90 days to do so.  

-Dee

Offline guestolo

« Reply #35 on: December 03, 2004, 11:51:49 PM »
Okay Dee, Remember XP's Sp2 has a little bit better firewall if you're having trouble with Norton's, you don't need both running
However Nortons is definitely better, if it's working properly

Here's a couple of links that I suggest that you look at to see what you can disable
http://computercops.biz/modules.php?name=StartupList
http://www.answersthatwork.com/Tasklist_pa...es/tasklist.htm

If you look at Tasklists page they like to Recommend the Ultimate Troubleshooter
It's a paid version, you don't need it
You can download and install the free version of Codestuff's Starter
from that direct link

Here's what I suggest that you disable on startup
Use those links and you will see what I mean, you may want to leave or disable others
Don't go crazy and disable everything :D

qttask.exe>>>Quicktime's system tray
First enter the preferences of quicktime and disable it on startup and then use STARTER to disable on startup

realsched.exe>>Realplayer's updater, definitely not needed on startup
But first End task on it in the taskmanager
Then navigate to this file
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
RENAME realsched.exe>>>realsched.old
This will ensure that it won't startup, Realplayer works fine without it
Again disable with STARTER

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
Sun Java's Updater
That entry in your log, you can access your Control panel>>>Open the Java Plugin
and disable this feature from Automatically checking for updates and manually do this once every couple of months
you can also disable with STARTER
You can also Clear Java's cache in this location too

These 2 entries in your log
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

You can disable on startup, beforehand you may also want to navigate to
Start > Programs > Kodak > Kodak software updater > Kodak software updater setup.
Disable the Updater
Make sure you disable backweb.exe on startup

OSA9.EXE You can manually startup these programs
Here's a link that may help you out
I would use Codestuffs STARTER to disable
http://www.sysinfo.org/startuplist.php?fil...XE&count=&type=

Do some research and see what you need

I would definitely uninstall Norton's and reinstall if you are having problems with it...

Stay Safe Dee

:D
« Last Edit: December 03, 2004, 11:52:34 PM by guestolo »



Offline guestolo

« Reply #36 on: December 04, 2004, 12:01:13 AM »
If you restarted go ahead and Re-enable System Restore

I just noticed this
Quote
I don't have a disc to reinstall the Firewall -

I purchased it online in June - I have a print out with the Activation Key - yet I have no idea (without some research) how to reinstall it from the net.

I believe I only had 90 days to do so.

I'll look into it for you, maybe both of us can come up with something

But you definitely have to figure it out, just make sure that Norton's AV is running properly

If you have too much trouble with Norton's Firewall, disable it and use the XP firewall
You can find the Windows Firewall Icon in the Control Panel to enable it until we find a fix



Offline Dee

« Reply #37 on: December 04, 2004, 12:04:58 AM »
Thanks so much for all your help this evening.....

I'll leave you alone for now....

But I have one very important question for you

WHO ARE YOU? :ph34r: ... AND HOW THE HECK DO YOU KNOW ALL OF THIS -

AND MORE IMPORTANTLY - HOW DO YOU GATHER THE INFO SO FAST THEN TO TYPE IT UP LIKE IT WAS NO TROUBLE AT ALL.

To make it even more amazing....all without a fee.

Thanks so much for your time.

I'm sure I will be visiting this site real soon. - I had no idea these forums were so helpful

LOL
-Dee

Offline guestolo

« Reply #38 on: December 04, 2004, 12:06:10 AM »
Go to this site
http://www.symantec.com/sabu/nis/npf/

Maybe because you didn't Activate is the problem

You have to allow popups on this site
Click on the
Find out about Norton Personal Firewall 2005 Product Activation details
on the Right hand side

Some good info there
Let me know if you can activate and it works out for you



Offline guestolo

« Reply #39 on: December 04, 2004, 12:08:47 AM »
I enjoy helping others with getting rid of this Malware from their computers

I don't consider it a game, because you can leave a person's computer in a real mess

But I'm not much for playing games
Except I really want the wife to buy me Half life 2 for Xmas
So this keeps me busy online :P

I forgot to add, when you go to that link for Nortons and click on Details
Then click on "Why Activate Software?"
Then "Support Resources"
Then "Click Here"

Should be some info there
« Last Edit: December 04, 2004, 12:11:51 AM by guestolo »
