chris2k06

hey guys..I did absolutely everything 4 or 5 times as you guys described. I ran everything in safe mode as well as normal. I tried to set up Windows Defender but it wouldnt work becasue whatever virus I had changed my XP O/S so when I tried to update it said it was "installed wrong or not a legal copy". I bought it from DELL and the key code for authentication is on the bottom of the computer. DELL tried to help but they seem to feel the hardrive must have been damaged. Mcaffee stopped and deleted the puper from coming back as it notified me several times it stopped it. HOWEVER, after all that, the browser was still hijacked saying "about:blank" and then i get notification Downloader-Aux is found and cant be deleted, quarantied, or anything. After shaking my head in disbelief, I tried everything again as well as several new ones from download.com and pctools. Nothing worked. I finally found something someone had posted here about a program called "EWIDO ANTIMALWARE". I disabled system restore, ran this on normal, then safe, then normal again. It deleted the trojan - downloader-aux, and restored my browser. Thanks again for everyones help. My only other concern is that I paid my credit card bills online yesterday and my cc info and ss was inputed onto the cc secure site. If the trojan (downloader-aux) was still on my browser, would they have been able to get that info? I am very very worried. Txs agian everyone.

hi...I am going to back everything up tomorrow...my issue is I cannot find my install disks anywhere...I even calledDell asI have 1 year left on warranty and they said the same thing about just reload but I cant find the dumb disks.... my frustration is that I have run 1. Mcafee - normal/safe 2. Spybot - normal/safe 3. Ad-aware - normal/safe 4. Spyware blaster 5. HiJackthis All have come up clean or normal yet when I try to re-set my home page it goes back to blank. I can only guess it is because my browser has some changed or is hijacked somewhere. I got the sfc /scannow to work (it was my fault as I needed to leave a space between the sfc and /scannow). It is running now an dI will see what comes up....txs for the help

here is what hijackthis says...I have not clicked on the Logfile of HijackThis v1.99.1 Scan saved at 10:31:59 PM, on 4/30/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\basfipm.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\dcomcfg.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\System32\DSentry.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\WINDOWS\System32\hphmon05.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe c:\program files\mcafee.com\agent\mcagent.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\HPZipm12.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Yahoo!\Messenger\ypager.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Messenger\msmsgs.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Program Files\Digital Line Detect\DLG.exe c:\PROGRA~1\mcafee.com\agent\McDash.exe c:\program files\mcafee.com\shared\mghtml.exe C:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe C:\Program Files\PowerArchiver\POWERARC.EXE C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_PA461\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/ R3 - Default URLSearchHook is missing O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpE30B.tmp (file missing) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll (file missing) O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [bascstray] BascsTray.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Digital Line Detect.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/check/netset/install/gtdownls.cab O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} - O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...427/mcfscan.cab O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O20 - Winlogon Notify: winmfx32 - C:\WINDOWS\SYSTEM32\winmfx32.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE Also, now I cannot open the sfc/scannow It says window cannot find. Even when I type sfc it flashes then disappears. I tend to think from my reading that my browser is hijacked since it always comes up "about:blank" for home page. I have run ever single program here and they all say all clear but I dont know what is going on. Thank everyone for the help. Please tell me the next step.

ok...I ran the mcafee 10.0 I have again & spyboy (dowloaded from download.com) and adaware (downloaded from download.com). I ran them all in regular mode and in safe mode. The system would not let me out of safe mode so I had to go to run and uncheck safe mode in boot. Anyhow, they all came back "clear" but my browser seems to still be "hijacked" as it still comes up "about:blank:. I am going to run the scannow and see what happens. Thanks again everyone for all the help. I will let you know as soon as it is done.

Thank you for the help.....I ran the spybot (it made me update it to the newest version first with all the updates before it would run) and delted 26 items not before found. I am not running adaware and waiting the results. I also got the sfc/scannow to run. Should I abort that right now until the adaware is done? I have the newest version of Mcafee I bought 2 weeks ago. Please let me know about the sfc/scannow if I should aboort. i will then follow the other instructions. Txs agian everyone.

I am running the dowload scan from spybot right now. Should I then do ad-aware? That is actual what got me in trouble was the link I clicked on that gave me the viruses said "Adaware-B' which it was really a virus/torjan. I am runnig spybot right now and it alone has found a bunch microsoft and mcafee missed. I am trying to run a sFC. I opened command prompt, then typed sfc. It give s me choices but how do I make the scannow work? I dont know why it isnt working how I am doing it. Thanks everyone. I am not running adaware-se and waiting to see how that comes out.

here is what it says when I do that: "A system error has occurred. System error 1717 has occurred. The interface is unkown." I also re-did this hoping it would clear things up a little. I am hoping I can list the events exactly as they occur. 1. If I click on start>control panel>administrative tools>services>task scheduler> then start... I get the following error: error 1717: interface is unkown. It is set to automatic, the log on is set to local system account>allow service to interact with desktop. Path to executable: C:\WINDOWS\System32\svchost.exe -k netsvcs 1. Start>all programs > accessories > system tools > scheduled tasks> when I click on it the following error appears: "The specific error is: 0x80041315: The task scheduler service is not running. An error has occurred attempting to retrieve the task account information. You may continue editing task object, but will be unable to change task account information." UNder the advanced tab the "AT Service account" is not clickable (hidden-can see but cant click almost invisbale) Under task it says: " c:\program files\mcafee.com/vso" run: program files\mcafee.com\vso\mcmnhdlr.exe"/runtask:0 Thanks in advance. p.s. I also ran microsoft antispyware and it says the sysytem is clean.

Hi everyone...I really need help...I have spent 5 days trying to work on my problem and have done nothing but make it worse. I had mistakenly clicked on a file (Active x) that was hidden in another. It released 75 viruses and trojans on my computer. I have the newest version of Mcafee. It removed everything except the Puper trojan which couldnt be deleted. I followed the instructions listed under the Mcafee boards (they had a download link listed which was the only removal tool) and after 2 days was able to finally remove the virus. Howver, it has disbaled my Task Scheduler. I have tried to follow the advice listed here under different topics and it has caused my problem to be worse. I am hoping I can list the events exactly as they occur and hopefully someone can walk me through exactly what to do. 1. When I click on scheduled tasks it says: "general page initialition failed. The specific error is 0x80041315. The task scheduler is not running. An error has occurred attempting to retrieve task information. You may continue editing the task but will be unable to change task account information." It is clicked enabled but will not run. Under the advanced tab, the AT Service Tab is there but "invisable" and not clickable. Here is what the schedul task log says: ""Task Scheduler Service" Exited at 4/29/2006 8:22:52 AM "Task Scheduler Service" Started at 4/29/2006 8:23:53 AM "Task Scheduler Service" 4/29/2006 8:23:53 AM ** Error ** A failure occurred during service initialization. The specific error is: 0x800706b5: The interface is unknown. "Task Scheduler Service" Exited at 4/29/2006 8:23:53 AM "Task Scheduler Service" Started at 4/29/2006 8:25:41 AM "Task Scheduler Service" 4/29/2006 8:25:41 AM ** Error ** A failure occurred during service initialization. The specific error is: 0x800706b5: The interface is unknown. "Task Scheduler Service" Exited at 4/29/2006 8:25:41 AM "Task Scheduler Service" Started at 4/29/2006 8:31:38 AM "Task Scheduler Service" 4/29/2006 8:31:38 AM ** Error ** A failure occurred during service initialization. The specific error is: 0x800706b5: The interface is unknown. "Task Scheduler Service" Exited at 4/29/2006 8:31:38 AM "Task Scheduler Service" Started at 4/29/2006 8:37:26 AM "Task Scheduler Service" 4/29/2006 8:37:27 AM ** Error ** A failure occurred during service initialization. The specific error is: 0x800706b5: The interface is unknown." I then tried this: "SYMPTOMS When you attempt to start Task Scheduler, you may receive the one of the following error messages: Error 2147750678: Could not start the Task Scheduler service on local computer. The service has returned a service-specific error code. -or- Error 6200: Could not start the Task Scheduler service on Local Computer. The Task Scheduler must be configured to run in the System to function properly. Individual tasks may be configured to run in other accounts. When this occurs, the following event is registered in the System log in Event Viewer: Event ID: 7024 Source: Service Control Manager Description: The Task Scheduler service terminated with service-specific error 2147750678. When starting a task that has been added to Task Scheduler you get the following error message: General page initialization failed. The specific error is: 0x80041315: The task scheduler service is not running. CAUSE This behavior can occur because the task scheduler is not set to Log On as the Local System Account. RESOLUTION To resolve this behavior change the Log On parameters from a User Account to the Local System Account. MORE INFORMATION To fix this behavior follow these steps: 1. Right-click My Computer and from the drop down menu click Manage. 2. From the Services and Applications menu, click Services. 3. From the right scroll down menu, double-click Task Scheduler. 4. Click the Log On tab, select the Local System Account and Allow Service to Interact with Desktop options, and then click Apply. 5. Click the General tab, click Start. " And I get the error 1717: the interface is unknown. Also, now when I click on internet explorer, no matter how many times in tools, internet options i change the home page, it always comes up blank. I dont know what to do and would really appreciate anyones help. Txs Title Edited - Please follow posting rules from now on. --Zxian