TWINS annoying Windows errors....

[buttzilla]

Tpday it is possible to install adware and spyware by just passing the mouse cursior over an add on a bad site. password and crack sites are good for this. Porn and online gambling sites also like to try and install suff. You say you are using spysweeper so I assume you mean webroots spysweeper. The newest version has shields you can set up that are good at warning and preventing stuff like this. I use it and I think its one of the best out there. Also download a free program called CCleaner. It great at cleaning all the cookies and temp files you don't need. It does a whole lot more also.

[fLYtRap]

I see a lot of porn entries in your registry screen shot. If your not careful porn sites can install a lot of spyware crap and junk. They are notourious for this. This is where most of your spyware adware problems come from.

I didn't even notice that. Now we know why fLYtRap has all that crap installed
fLYtRap is a big porn surfer. Most likely a P2P porn downloader too.

Please do me a favor will you. If you don't have anything interesting to say than don't come to my post and don't do that
I am not a porn surfer and/or P2P downloader. I run legit business on my own through the Internet with lots of money exchange transactions that is why security is much of concern for me.
You see I just learned that this list was an update of restricted web sites that SpywareBlaster downloaded to my computer to protect me from getting to those sites
NOW WHY DON'T YOU TRY AND LEARN SOMETHING NEW AND STOP CRITICAIZNG ME

[fLYtRap]

Yes , I read a few , Nelson37 , but ...

As for fLYtRap , it might have been an idea to have used google search , and for " security popup infected " .

Its a question of thinking what is actually occuring , or seeing .

A: Its a popup
B: Means security is aka ... firewall / av being screwed with
C: I may be infected , not sure though

Put all three together and the first return link from google is from

http://forums.techguy.org/security/594476-bogus-security-alert-popup-balloons.html

Of course you may need to switch the search terms about to get anything directly referenced as to the issue , and sollution , to which this link has .

If it comes down to a complete reinstall of os is staring you in the face , you really have nothing to loose in trying some of the tools , others have come up with to solve these issues .

In many case's , the problem is resolved .

I have never faced an os reinstall ever , even on the worst infected pc .

To which the record gose to a near by neighbor : 600 trojans + 300 virus's ... cleaned , working , only 1 document lost due to corruption ... was not important .

They didnt know what an antivirus program was .

----

The other thing I used to tell people when they surfed the web was to keep an eye on the task bar in ie for anything , such as , cab , exe , and alike ... if you see it , close the browser asap ... if they intended crawling through warez / adult sites , or any site offering similar content that was not legal .

The second was ... if it says it can fix your pc , or make it go faster ... leave that site NOW .

The only thing they deliver faster than free porn , is the initial infection ... in seconds .

If you read all my posts you should see that I already done a similar thing related to DrWatson error:

http://www.thenerdnetwork.net/forums/viewtopic.php?t=3086

Now tell me something, when you go to this site:

http://www.schrockinnovations.com/removespycrush.php

do you see that banner that says "if you see this banner on your PC you are infected"

I am either paranoid or totalY screw because I see all the banners (3 in total) related to all the infections they have listed there which are:

How to Remove the ContraVirus Infection Latest Help Articles
How to Remove the SpyCrush Infection Latest Tutorials
How to Remove the SpyLocked Malware Infection


I know it is quite possible since they are all related to a *.dll.bad files

I WANT TO KNOW IF ANYONE ELSE SEE THOSE BANNERS, PLEASE DO THE POLL

[fLYtRap]

He don't know that he don't know.

You are absolutely right, thank you for bringing this up because NOBODY notice that yet
I don't know and that is why I am posting here and on other forums to learn

[fLYtRap]

Just to make things clear. The only person that is trying to help me here is Bjs the rest of you guys are either criticizing me and/or making fun of me. So if this is your intention than why don't you just disappear from my post I'd certainly appreciate this.

[fLYtRap]

I see a lot of porn entries in your registry screen shot. If your not careful porn sites can install a lot of spyware crap and junk. They are notourious for this. This is where most of your spyware adware problems come from.

I think 90% Internet users knows that. And once again I don't go to porn sites I don't D/L music and/or movies and I DO NOT d/l cracks, serials and/or keygens

[fLYtRap]

Here is the list of everything that I am currently running if someone wants to take a look. To me all services looks legit. If I had SpyCrusher running it would be listed there or not



autoruns.txt

[fLYtRap]

and here is Hijack:



Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ISS\BlackICE\rapapp.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Audacity\audacity.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\BUMP 2\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=localhost:8080;https=localhost:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[gll99]

Don't get too down. All that X cr@p in the registry can be added by just one trojan/hijacker/dialer that you picked up while typing a url for a legit site but with just one letter off with well known common typos and misspelled words. When you download freeware or shareware programs you need to get them only from the author's site or from a well established online distributor. Some jerks will offer someone else's freeware but pepper the programs with trojans, dialers, browser hijackers and other cr@p.

You can safely clear the registry of all those and it won't cause any problem. Don't be surprised if they just come back because there is likely a program that re-installs itself by using a combo of 2 or 3 programs, dll and activex. Some even disguise themselves as a service. I would bet your browser favorites also have similar links in them all placed by the same trojan.

It's especially hard to discover if you are running a program you think is legit but is in fact the carrier. A program can be made to sense when the task manager is present and it deletes itself from memory but when the task manager is closed the other program reactivates the trojan.

Once you learn the identity of a trojan find out how it works and where it hides its helpers. If you plan to do a manual cleanup, you need to clear it from memory and find all traces in the registry under it's various names. There will no doubt also be entries in the boot up sequence's docs and settings directory startup folders under your user name but also the one for all users. Obvious hiding places are the temp and Internet temp directories. One area that is a potential hiding place is in the windows directory in a folder called Downloaded Program Files. This location will probably show activex usually java, quicktime control, shockwave etc.. If you right click on an entry in the directory and click on properties you will see who owns the control. Some of the numbered entries might be for the macromedia player etc... If there is anything suspicious there that doesn't seem to match anything you know and trust, get rid of it. Another dir in the windows path is the dir Downloaded Installations where something could hide awaiting reinstall.

As far as firewalls and anti spyware each only does part of the job, I have a router, xp firewall and another software firewall. I run resident PeerGuardian2 and AVG. I periodically run non-resident AdAware, Spybot and SuperAntiSpyware. Each one finds small things that the others ignore or miss. I rarely find anything critical anymore but almost everybody and is brother seem to be tracking internet click activity with cookies these days. I use both the Yahoo and the Google toolbars. They have nice features but when you examine the Google toobars terms of use it's the most intrusive thing you can use. You agree that Google can share your personal information with any 3rd party it chooses.

[fLYtRap]

and here is Skype error

[buttzilla]

I see a lot of porn entries in your registry screen shot. If your not careful porn sites can install a lot of spyware crap and junk. They are notourious for this. This is where most of your spyware adware problems come from.

I didn't even notice that. Now we know why fLYtRap has all that crap installed
fLYtRap is a big porn surfer. Most likely a P2P porn downloader too.

Please do me a favor will you. If you don't have anything interesting to say than don't come to my post and don't do that
I am not a porn surfer and/or P2P downloader. I run legit business on my own through the Internet with lots of money exchange transactions that is why security is much of concern for me.
You see I just learned that this list was an update of restricted web sites that SpywareBlaster downloaded to my computer to protect me from getting to those sites
NOW WHY DON'T YOU TRY AND LEARN SOMETHING NEW AND STOP CRITICAIZNG ME

Actually a few people had some interesting things that they pointed out to you and you don't want to listen. You can't run 4 firewalls and 4 spyware tools and various antivirus and other security tools without having major conflict problems.

[fLYtRap]

I see a lot of porn entries in your registry screen shot. If your not careful porn sites can install a lot of spyware crap and junk. They are notourious for this. This is where most of your spyware adware problems come from.

I didn't even notice that. Now we know why fLYtRap has all that crap installed
fLYtRap is a big porn surfer. Most likely a P2P porn downloader too.

Please do me a favor will you. If you don't have anything interesting to say than don't come to my post and don't do that
I am not a porn surfer and/or P2P downloader. I run legit business on my own through the Internet with lots of money exchange transactions that is why security is much of concern for me.
You see I just learned that this list was an update of restricted web sites that SpywareBlaster downloaded to my computer to protect me from getting to those sites
NOW WHY DON'T YOU TRY AND LEARN SOMETHING NEW AND STOP CRITICAIZNG ME

Actually a few people had some interesting things that they pointed out to you and you don't want to listen. You can't run 4 firewalls and 4 spyware tools and various antivirus and other security tools without having major conflict problems.

Yes I know that few people have something to say, but not you, so please leave will you.

[gll99]

Sorry I missed that point that all those adult sites in the registry were from a blocking program. It seems strange that it would store them in the registry given that maintaining lists like that means writing frequently to the registry. You would think they would use a safer database but if you're sure that's an ok program then it's not the problem. There are browser hijackers that do the same thing.

I agree with those who say that it's not a good idea to disable windows warning tools like Dr Watson if that is what you are suggesting, but rather try to find the root cause. Is your OS right up to date with MS updates. I ask because MS had put out some updates that actually caused problems rather than solve them and then fixed them later in new patches. At one point I had to disable a service that kept giving an error on boot up. I googled the exact message and the answer had been posted on exactly what was causing my problem. The error was caused by the WIA service and the temporary solution was to stop it. That problem no longer exists because MS fixed the problem and now its ok. Another cause of crashes etc... is dll conflicts or if a badly designed program has replaced MS dll's with a similar but not fully compatible version of its own. These replaced files can easily be restored from your original XP install disc.

I hope the message is clear that it's ok to run as many virus, trojan remover and blocker tools as you want but remember that many act as memory resident shields which means that they all want to check the data at the same time and could end up tripping on each other. With the exception of memory resident AVG and PG2 (I mainly use it to block ftp sites), I run my other virus checkers separately as standalone tools.

[fLYtRap]

Sorry I missed that point that all those adult sites in the registry were from a blocking program. It seems strange that it would store them in the registry given that maintaining lists like that means writing frequently to the registry. You would think they would use a safer database but if you're sure that's an ok program then it's not the problem. There are browser hijackers that do the same thing.

I agree with those who say that it's not a good idea to disable windows warning tools like Dr Watson if that is what you are suggesting, but rather try to find the root cause. Is your OS right up to date with MS updates. I ask because MS had put out some updates that actually caused problems rather than solve them and then fixed them later in new patches. At one point I had to disable a service that kept giving an error on boot up. I googled the exact message and the answer had been posted on exactly what was causing my problem. The error was caused by the WIA service and the temporary solution was to stop it. That problem no longer exists because MS fixed the problem and now its ok. Another cause of crashes etc... is dll conflicts or if a badly designed program has replaced MS dll's with a similar but not fully compatible version of its own. These replaced files can easily be restored from your original XP install disc.

I hope the message is clear that it's ok to run as many virus, trojan remover and blocker tools as you want but remember that many act as memory resident shields which means that they all want to check the data at the same time and could end up tripping on each other. With the exception of memory resident AVG and PG2 (I mainly use it to block ftp sites), I run my other virus checkers separately as standalone tools.

I am glad I can have constructive conversation with some members here

My auto updates are off because they are only causing more problems d/l lots of stuff that nobody needs. I am looking for holes in my system and than I look for hot fixes and install them manually.

As for those porn sites yes I am sure that this was update from SpywareBlaster. I am including a couple of screen shots. First one is with "Domain" entry in place and second after I removed.

[fLYtRap]

after I deleted "Domain" entry

[fLYtRap]

You may have passed all those tests , but I came across a pc the other day that also passed all test's , yet still had issue associated with ie and security icon .

http://www.schrockinnovations.com/diy.php ... go down page and click "How to Remove the SpyCrush Infection" , then go down to bottom of page and click to go to page two ... download the file associated with "Remove SpyCrush smitRem Tool" link .

For ie issue it was replaceIE7.cmd , I didnt bother doing all the other stuff , as I had already killed of the problems using avg and hijackthis ... just the security thing kept stuffing about with popups .

Most of the problem comes from wininet.dll having been replaced by crapware version ... it said version number was 0 ... which I knew was not correct .

Worth having a look .

----

Multiple firewalls need setting up correctly or the server you are trying to download from has no idea where to send the packets .

Bjs you better straighten your sources with that site

I hope you just didn't know about it and not send me there to actually get infected. Just as I thought this site is offering free removal procedure, which in fact infecting you so than they can offer their services or sell their products. As soon as I saw this banner that was saying "if you can see that you are infected" right the way I knew that something is not right. Although I did download their tool removal I didn't just yet installed. Instead I have done a couple of online scans of this file and just as I thought it is infected with bunch of crap.

Anyways here are results of the scan that I have done on their removal tool.

[Bjs]

Hello ... we on ?

There is no problem with that site , or the applicable package .

Those that report infection are complete bogus and full of BS .

And in seeing those banners ... dose not mean you ARE infected ... they simply show what the banners looks like and associated other error messages that might be displayed .

If everybody thought that , I'd have retired years ago , filthy rich ... and be laughing all the way to the bank .

The millenium bug ... what a good year that was .

Ive been there on several infected pcs in the last two days , and none picked up an infection , and all have returned to normal now .

Running the ie bat file should resolve that annoying warning icon , and the firewall , if it is off , should beable to be set back to on ... I didnt have any problems in doing so .

----

So you did a reinstall of the os , and its back , well just go throught what I said before ... avg first , hijackthis ... theres a file you need to snag first .

Write down all program folders first .
Then ctrl + alt + del , and write down all process's listed you see .
Dont rely on hijackthis to show this bugger ... its a good one ,

It might just dodge my memory as to what I attacked first , it started with either M or N , it refused to exit .

Its been so busy the last few days .

You can pm that across if you dont want everybody sticking their noses into you bussiness .

While you wait , grab your os disc and shove it in the drive and run this command .

sfc /scannow

Theres a tool in the windows folder that dose the same thing , just I can not recall it by name ... on my win nt 2000 pro at the moment ... nope , nothing wrong with my xp system ... its busy recording xbox360 crapola .

I am pretty sure it will nail your isse with MSHTML.DLL , by replacing it , if its found to be dodgy .

The other thing you can do , is replace the file by using a bootable linux in order to access the the os drive and files ... windows dose keep a backup of that file ... but that would be a last resort .

----

Once all thats done , we'll see what else needs checking , but once that main bug is sorted , your system should return to normal .

----

Before I forget , I remember that skype had issues with other users , in not playing well with other programs it intergrated itself with .

It might be as simple as uninstalling it , reboot , reinstall , reboot , to set it straight once more .

Maybe even see if they released update files / patches for known conflicts .

I only ever done that once before , and even then , the techs from the mob that supplied the equipement , didnt know if that would work ... it was cross your fingers stuff ... but in that case it worked fine .

I'll check later to see how you got on ... remember , hijackthis cant see this toadstool of a problem , but you will see it in task manager running tasks .

Why it cant see it , I dont know yet ... I was too damn quick at killing it off to go find out ... next time I'll slow down and take a peek .

I'll add this : Spyware blaster ... what junk that is .

[fLYtRap]

Geeez....I really don't have time for all this, I have been fighting with this crap for over 3 weeks now Perhaps it will be quicker to do one more reinstall.

Something just come to my attention that sfc command it doesn't work in my DOS. When I hit enter the DOS screen shows up for split of a second and disappears.

I am not sure if you checked ActiveRuns file that I included, but I don't see anything suspicious there neither in task manager. I mean if this bug is running on my machine there must be a way at least to see it to veryfi that is there. From my experience I am 99% skeptic in trusting to anybody that is why I am searching in different places to gather information before I do anything. Now tell me is there anything that I can scan for it just to see it? You say that Hijack is not good, I don't see it in Task Manager, AutoRans or ActivePorts so what I can use? Those online scans maybe bull@#$%^ but I tell you that I have searched Google and I found several posts people pointing out to that specific file from that website, so I am simply confused. I understand that the bug maybe Troy of the year but cmon, I mean what the hell is going on

Now about this bug. Everyone around says one thing about it that when Windows starts a pop-up shows up, well thad doesn't happen to me. This is when I notice those errors happen:

1- when I do listings on eBay I'll usually get IE error when my machine runs out of virtual memory (there also could be a bug in new eBay software since they are still developing it)
2- on some occasions with Skype, not really sure why
3- and DrWatson error when I click on button SUBMIT when posting replay here , not sure whats up with that, but this also happened to me on other forums as well

[buttzilla]

BYE!

[TBoneit]

in the run command you need to type cmd, that is open the run command and then in the box you type cmd that should open the command prompt. then in the dos windows type sfc /scannow

alternitive is click start, choose accessories, command prompt in the dos box type sfc /scannow

opening the run command and typing sfc /scannow should cause the command prompt to open and close. Normal. But it should leave teh system file checker running if not then.....

[fLYtRap]

Bjs things just got worst...I run file protection scan but I am not sure how the scan should end. When the scan finished the scanning window just closed up and nothing happened after that. I had no report of any kind and I also didn't found log file for it.
Also something just happened to my task manager, when I opened it was fine and I already had on services tab, but than I clicked on running processes and all the tabs disappeared.



Update:

I found a way around TM and I used KillBox to get there

[fLYtRap]

I am currently also running Firefox and I have notice something strange. About every 10-15 minutes I hear clicking sound in it just like I'd go to a page, but this is happening on its own. I am not very familiar with FF, so I am not sure if this is normal or not.

[TBoneit]

Well if it doesn't SFC will just disappear if when done. If it had found changed or corrupt or missing files it would have asked for the XP disc.

Double click on the bar above where it says tasks, sometimes that brings everything back.

[fLYtRap]

OK thanks for the tip, that worked out. So here it is pretty much the same stuff as in KillBox , but I closed down some of them to make the list available for a screen shot.

I got to go and get some sleep now zzzzzzzzzzzzzz...

[buttzilla]

Geeez....I really don't have time for all this, I have been fighting with this crap for over 3 weeks now Perhaps it will be quicker to do one more reinstall.

Something just come to my attention that sfc command it doesn't work in my DOS. When I hit enter the DOS screen shows up for split of a second and disappears.

I am not sure if you checked ActiveRuns file that I included, but I don't see anything suspicious there neither in task manager. I mean if this bug is running on my machine there must be a way at least to see it to veryfi that is there. From my experience I am 99% skeptic in trusting to anybody that is why I am searching in different places to gather information before I do anything. Now tell me is there anything that I can scan for it just to see it? You say that Hijack is not good, I don't see it in Task Manager, AutoRans or ActivePorts so what I can use? Those online scans maybe bull@#$%^ but I tell you that I have searched Google and I found several posts people pointing out to that specific file from that website, so I am simply confused. I understand that the bug maybe Troy of the year but cmon, I mean what the hell is going on

Now about this bug. Everyone around says one thing about it that when Windows starts a pop-up shows up, well thad doesn't happen to me. This is when I notice those errors happen:

1- when I do listings on eBay I'll usually get IE error when my machine runs out of virtual memory (there also could be a bug in new eBay software since they are still developing it)
2- on some occasions with Skype, not really sure why
3- and DrWatson error when I click on button SUBMIT when posting replay here , not sure whats up with that, but this also happened to me on other forums as well

You could be running out of virtual memory because you do not have enough hard drive space. Virtual memory use a section of your drive. If it's to full you'll get errors like this. You show a 12 gig hard drive and 1 gig memory. An upgrade to a larger hard drive and more memory could help.

[Bjs]

Ok , you want the LONG version ... well ... here gose

I know of a few that use that idiot ebay plug , and I dont like it one bit , and have seen it cause issues before .

In fact , that was the damn thing that screwed with that skype thing , now that I recall who had the problem .

I had to go back and check where you were according to your profile ... if it had said au , I would have come down and kicked you in the butt ... I know where you live in that case ... lol

I mean come on ... who here trusts ebay service as far as they can throw a stick ... I dont ... and when you have an issue , what do they do ... they tell you in polite terms to F off , its not our problem ... you deal with it .

So why install their tool ... cause most users need a hole in the head ... go get a drill , it would be just as painfull .

I just set outlook express to check every five minutes , and calender to remind me when auctions end ... strange people still dont know how to use the tools that the os comes with for better purposes .

And this is partially how that ebay tool works , and why it screw's with users systems .

Just like using outlook express rules to delete specific content from email server , and download the rest ... easy stuff , who needs spam filter crapware .

Like those spam tools , that supposedly "learn" from your usage ... wtf ??? ... who's pulling who's leg here now ???

Oh , I see , you want to pay money for nothing ... well here's my bank account ... give it all to me ...

But enough of the funny stuff .

----

Yes , its a good idea to sus out those that reply ... dont do anything unless you do that first .

Scan and task manager are fine .

Do you have a program folder that has anything in its name such as "active" , and if so , what are they ?

The first thing to do when a major ahole gets into the modern os , is to disable system restore , then deal with pain in butt , check all is clear , then reset system restore .

If you dont disable system restore when doing this , those aholes can come back at you later .

I have users send me infected emails all the time , just to check what it is .

To me , their a challenge ... well a hobby of sorts , its either they go , or I'll force them to go .

Then I send back instructions on how to nail them ... most get me to come down and deal with them , because its beyond their understanding in many cases .

I have had thankyou's from all over australia from people I have sent rescue discs out to ... and I dont charge for that service ... just trying to make it all make sense to newbies that find grief with their new systems caused by lazy aholes who think stealing is a good profession to get into .

If I catch one of those people , they'll wish the police / fbi had got to them first .

There's only a few virus's / trojan's , that are very destructive critters , out there , many have multiple names , but fall under the same catagory , and the same method of destruction is used to remove them .

Only on extremely rare cases dose an os reload need to actually take place .

We also recommend on new installs that a backup image be created ... it only takes a few minutes , and your backup and running as though nothing had happen .

Even another new hard drive in which to use the manufacturers clone tools works for this ... damn handy , and perfect ... just put the copy drive away till needed ... use a bootable linux , and a flashdrive to recover user data ... then use manufacturers tools to wipe the sucker out ... then clone back from the other drive ... and your back ... bit on the tech side of things , but you learn how to get around most issues , baring an actual issuse with hardware ... if its non-removable , then its screwed in some cases (motherboard replacement) .

When it comes to moronic tools such as nortons av and their activation crapola , its best to take new images atleast once a month ... unless you know the procedure you need to go through in order to uninstall , reinstall last updated purchased version , reactivate , update ... but this dose leave you vulnerable

But like I need that peice of crap on my system ... has a bad habit , that if it lets something slip in , it may not beable to do squatt with it ... bloody useless and a waste of money .

Which is why I recommend avg ... brilliant ... and a small foot print on system memory is best .

----

As for those that report issues with that package , these might be non-tech users , who simply follow blindly any scanner that says there's a problem with the package ... almost 98% of everybody , who's connected to the nett these days , fall into this catagory .

The 2% remaining are savy enough to know the truth , and the lies apart from one another .

----

As for system virtual memory , its different from system to system , and you need to check only a few items .

Right click on recycle bin , and select properties .

Usually its 10% of the whole drive ... but if you have a 100gig hard drive , there's no real point in having 10% chewed up for the bin ... unless your a DV nutcase ... but why would anyone send large uncompressed video to the bin in the first place ... because they can , even though they should think twice about it .

When system virtual memory runs low enough , some of this space reserved for the recycle bin is handed over ... till the error pops up .

----

Delete all files nolonger required to free up space .

And

Windows explorer
Tools
Folder options
View
Hidden files and folders = show
And uncheck those two options just below , that say HIDE .

You'll get a popup message , just answer yes
Hit apply , then ok

Now

Goto Documents and Settings
Normal login account by name
Local Settings
History = clear
Temp = clear

For those that refuse to go , run avg scan on folder , if ok , leave them

Temporary Internet Files = clear (some cookies contain website user names and passwords = backup first)

You may have the following in some setups

Content.IE5 (can be any version ... thats just my 2000 pro one)

And under it are folders and "desktop.ini" + "index.dat"

Delete all folders , one by one (windows has a bad flamin habit of locking up which ms has never fixed properly)

Now reset folders > tools > folder options ... you know the drill ...

Next > Scandisk ... for xp users , its reboot time .

Followed by defrag of main drive (even if windows says its fine ... DO IT)

Especially those of you running into some sort of crc error issue with files , namely those just downloaded from online .

----

If you find the tech stuff beyond your abilities (or a little) , print this stuff off , and go ahead with the reinstall of the os ... but please make a decision on making a backup image ... it can save you alot of time later ... and those stupid xp discs dont take much , before they perish ... I know from experience .

----

On a final note , some web sites refresh their content , depending on what length of time they set this to .

Try the windows movie maker forum , about every 2 minutes ... in both ie and ff ... its not usually an issue , just a pain in the butt when nothing has actually changed ... a stupid idea , and waste of bandwidth , no matter how small , its still a waste in my books .

[fLYtRap]

Well I just got back from PC Flank which is under hackers attack and am not sure what else did I pick up, you can see my new post. I decided that I am going to reformat anyway, but before I do so all your efforts in helping me are not useless I'll try to fix it. Most of the stuff that you mention like cleaning cookies, temp and log files I do everyday. As a matter of fact right now I set up my temp files to be deleted every time I close browser and I blocked cookies, so that is OK. Good tip with garbage can, I got that fixed already. Actually I am typing from another computer right now. I quickly disconnected the other one from the Internet when I got back from PC Flank. I'll try to take it slow this time and I'll use 2 computers, 1 for my business and 1 for other stuff like searching Google and Forums and fighting with hackers

One question:

Can you tell me how to set up user.js file in FF?

user_pref("network.http.sendRefererHeader", 0);

Is this correct? I must be doing something wrong because it is not working.
This is how I do it:

1- create folder user.js
2- open it with WordPad
3- put the text in it
4- close the folder saving changes

Do I have to add something else in this folder or what am I missing here?

I remember that I got that from PC Flank few days ago while it was running fine, but now its dead and I can't find the answer