View Full Version : Cannot load Ad-aware or Spybot!!

The Violet Storm
April 14th, 2006, 11:01 AM
I have had Ad-Aware and Spybot Search & Destroy on my laptop for quite some time now, and they have both always worked very well for me.

Lately, when I try to load either of them to do a scan, as soon as the window loads it immediately disappears. There are no other applications that are behaving this way.

I have tried to uninstall so that I can reinstall, and when I go into the Control Panel to do that, as soon as the uninstall window opens it immediately disappears.

I have wondered if it's a pop-up issue, and as far as I know all pop-up blockers have been disabled.

Any ideas as to what is happening here? My laptop has a Celeron M and is running XP; my antivirus is Kaspersky and is working just fine.

lifehacker
April 14th, 2006, 11:11 AM
Do Ad-Aware and Spybot just disappear, or are they still running in the processes after they disappear from the screen? Press Ctrl+Alt+Delete and see if Ad-Aware and Spybot are still in the process list.

multi
April 14th, 2006, 11:19 AM
See if they will start in Safe Mode, maybe?

http://castlecops.com/t142468-Computer_is_slow_ad_aware_and_Spybot_S_amp_D_wont_run.html


Does your antivirus program work?

shawners
April 14th, 2006, 07:05 PM
A lot of times a virus will disable anything that could remove it from the PC, in order to control your PC. Boot up in Safe Mode and install a virus scanner, or use what you have, to clean it; you may have to google the causes to find out which virus is doing the damage and manually remove it in Safe Mode.

Muffin_Man
April 14th, 2006, 08:28 PM
What you're describing is usually virus behaviour. As a quick check, try bringing up a command prompt, msconfig and the Task Manager and see if the same thing happens to any of them. Your antivirus and firewall may be disabled as well.

With any luck you might be able to stop it from happening by disabling the right startup items in Safe Mode, but some of the nastier ones will compromise your security software, bind to the network or other critical system processes, and even load up before Windows. In the first case you might get off by rooting out the offending software and reinstalling your security software (just in case), but in the second it's usually easier to just reinstall the OS.

The Violet Storm
April 14th, 2006, 08:49 PM
No, it is not still running when I push Ctrl+Alt+Del. They just seem to vanish. Kaspersky is working fine, and they do not run in Safe Mode either. Oddly enough, just today I noticed that sometimes when I try to open a Firefox window, it just seems to vanish after it opens. Sometimes I can get into a website, and then I click on something and poof, it's gone again. It does not do this with IE.

multi
April 14th, 2006, 10:57 PM
So a full system scan with the latest definitions with your antivirus turns up nothing?

It might be worth getting a second opinion.

Maybe try some of these places:

Jotti's malware scan (http://virusscan.jotti.org/)
Panda ActiveScan (http://www.pandasoftware.com/activescan/activescan/ascan_1.asp)
PC Pitstop (http://www.pcpitstop.com/)
Freeware online Trojan scanner (http://www.trojanscan.com/)
Symantec Security Check (http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym)
McAfee Online Virus Scanner (http://us.mcafee.com/root/mfs/default.asp)
Trend Micro HouseCall (http://housecall65.trendmicro.com/)

adidas_os
April 14th, 2006, 11:00 PM
Do you have another computer into which you can put the hard drive from this computer? If you do, then you could swap it out and run a virus check, an adware check et al., and maybe even a rootkit check. I think F-Secure BlackLight is a free-to-use beta at the moment for performing the rootkit check. This way you don't have to worry about anything trying, or being able, to stop you from removing it from the hard drive. Maybe a friend's or relative's computer, if you don't have another one yourself. If you have another hard drive, try putting an OS on it and booting from it instead. A small unused HD would be perfect for this, as other larger ones may already be in use. That way you can do the same thing from a spare drive, instead of swapping out the hard disk. I have heard of what Shawners mentioned; maybe you are infected with something that is disabling anything that may be able to eliminate it. Ad-Aware has a free version you can use for adware, and there is the free NOD antivirus trial. That's what I would recommend, anyways. Good luck!

multi
April 14th, 2006, 11:02 PM
It's a laptop...
not that what you suggest isn't still possible,
but slightly more difficult and expensive.

This sort of problem does sort of reek of rootkit.

lifehacker
April 15th, 2006, 07:19 AM
So a full system scan with the latest definitions with your antivirus turns up nothing?

It might be worth getting a second opinion.

Maybe try some of these places
No, Kaspersky is a good AV, better than every single one listed in that list. There is no need to get a new AV. Are your signatures properly updated? Also, as I already said, check if the program still has its process running by pressing Ctrl+Alt+Delete.

The Hunter
April 15th, 2006, 09:59 AM
Trend Micro has often found things that others have missed. No antivirus is perfect, so a second opinion is a valid option.

lifehacker
April 15th, 2006, 10:34 AM
Trend Micro has often found things that others have missed. No antivirus is perfect, so a second opinion is a valid option.
I'm just wondering, what others?

The Violet Storm
April 15th, 2006, 10:48 AM
Yes, it is a laptop, so it would be quite hard for me to do that.
I ran a HijackThis log, and I am not sure (I am still a learner here), but I think there might possibly have been some malware in the startup. Not completely sure how to recognize it.
I did get both of them to run yesterday for the first time in days after I restarted, and they found nothing, just some tracking cookies, and Kaspersky finds nothing also.
Firefox is still vanishing on me when I load it, and now neither program will load again.
Could the malware be doing this?
Lifehacker, they are not running in the processes when they vanish. It seems they just won't load at all, but like I said, after some persistence I did get them to finally go yesterday, but they didn't seem to find anything interesting.

The Hunter
April 15th, 2006, 10:55 AM
lifehacker, http://housecall.trendmicro.com/

lifehacker
April 15th, 2006, 11:21 AM
lifehacker, http://housecall.trendmicro.com/
I know; I'm just wondering what AV you were talking about when you said that you once had Trend Micro discover something another AV did not.

The Hunter
April 15th, 2006, 11:25 AM
It can be almost any, as I have tried most, including Kaspersky, and at times they all can miss things or have false positives.

lifehacker
April 15th, 2006, 11:46 AM
It can be almost any, as I have tried most, including Kaspersky, and at times they all can miss things or have false positives.
True enough, nothing is perfect.

multi
April 15th, 2006, 12:38 PM
I ran a HijackThis log
Post that if you can.


lifehacker, I never suggested getting rid of anything.
I believe these days malware/viruses etc. are good at rendering certain programs useless,
even good ones.
The online ones might get around that.

The Violet Storm
April 15th, 2006, 01:05 PM
Here is the log for HijackThis. So am I seeing suggestions that I should try a few other scans from other programs?




Logfile of HijackThis v1.99.1
Scan saved at 9:33:17 PM, on 4/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Stefanie Stucki\My Documents\downloads\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=70.103.160.5:3128;gopher=70.103.160.5:3128;http=70.103.160.5:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: metaspinner GmbH - {7C7A8947-5935-4430-AC0E-E7D04697414E} - C:\PROGRA~1\BUYERT~1\IEBUTT~2.DLL (file missing)
O2 - BHO: metaspinner GmbH - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\PROGRA~1\BUYERT~1\IEBUTT~1.DLL (file missing)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [Windows LSASS Service] C:\Program Files\Common Files\Microsoft Shared\DAO\svchost.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1131859238436
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/sna...webinstall.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

The Violet Storm
April 15th, 2006, 01:06 PM
I did one with Silent Runners also. Should I post that?

multi
April 15th, 2006, 01:24 PM
Yeah, I would be interested to see that.

PAStiSvc.exe so far seems to be the only real suspect:
http://www.whatsrunning.net/whatsrunning/QueryProcessID.aspx?Process=1840
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe



Do you know what that is related to?

O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}
Maybe?

Looks like these things have been cleaned up:

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: metaspinner GmbH - {7C7A8947-5935-4430-AC0E-E7D04697414E} - C:\PROGRA~1\BUYERT~1\IEBUTT~2.DLL (file missing)
O2 - BHO: metaspinner GmbH - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\PROGRA~1\BUYERT~1\IEBUTT~1.DLL (file missing)

but might still be screwing things up a bit.



O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
Is that something to do with BitDefender?

lifehacker
April 15th, 2006, 01:28 PM
lifehacker, I never suggested getting rid of anything.
I believe these days malware/viruses etc. are good at rendering certain programs useless,
even good ones.
The online ones might get around that.
Yes, things like the 00001/00002 virus which automatically kills all real-time antiviruses. Yet most online antiviruses are slower and have a worse detection rate. I use ProcessGuard to stop any changes from being made to antivirus files.

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
Is that something to do with BitDefender?
Yes, it's the BitDefender uninstallation.

O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}
Maybe?
I doubt that's spyware. It's actually supposed to scan for spyware.

Muffin_Man
April 15th, 2006, 01:33 PM
O4 - HKLM\..\Run: [Windows LSASS Service] C:\Program Files\Common Files\Microsoft Shared\DAO\svchost.exe

svchost.exe does NOT legitimately run from the system startup (a Run key), and the legitimate file is located in C:\WINDOWS\System32.

multi
April 15th, 2006, 01:52 PM
Well spotted!
:D

http://virusinfo.prevx.com/viruscenter.asp?GRP=4814500017

It seems to be an anti-spyware program of some sort, or is it a keylogger?

Muffin_Man
April 15th, 2006, 02:12 PM
Very, very nasty infection.

This website gives detailed information on it: http://vil.nai.com/vil/content/v_134757.htm

Basically, it records EVERYthing. It even takes screenshots. You'll need to remove the files indicated on that page, clear out your ActiveX controls and that proxy, and reinstall your security software. Also, get a good firewall. After that, you'd best change ALL of your passwords.
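
The heuristic Muffin_Man applies to the O4 line (a file called svchost.exe started from a Run key and living outside System32), together with the cleanup list above (the proxy, the entries whose files are missing), can be turned into a small check run over a HijackThis log. The script below is an added example for this thread; it is not code from the thread, from HijackThis or from any vendor. SAMPLE_LOG is constructed for the example from lines mirroring the posted log, and CORE_BINARIES, SYSTEM32 and the three regular expressions are this example's own assumptions about an English Windows XP install at C:\WINDOWS.

```python
"""Triage of a HijackThis-style log for the signs discussed in the thread.

Added example, not code from the thread, from HijackThis or from any vendor.
Three checks: (1) a core Windows binary name (svchost.exe, lsass.exe, ...)
registered under a Run/RunServices key and, worse, living outside
%SystemRoot%\\System32; (2) a Run entry that is a bare filename resolved
through the search path; (3) a hard-coded ProxyServer and a Winlogon Notify
DLL that no longer exists. SAMPLE_LOG is constructed from lines mirroring the
posted log.
"""
import re
from dataclasses import dataclass

# Binaries Windows starts itself from %SystemRoot%\System32; they never need a
# Run key. Assumption: an English XP install at C:\WINDOWS.
CORE_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe"}
SYSTEM32 = r"c:\windows\system32"

# Constructed sample; the entries mirror the log posted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=70.103.160.5:3128;gopher=70.103.160.5:3128;http=70.103.160.5:3128
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [Windows LSASS Service] C:\Program Files\Common Files\Microsoft Shared\DAO\svchost.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
"""

O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.*)$")
R1_RE = re.compile(r"^R1 - .*ProxyServer = (?P<proxy>.*)$")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # why the line is suspect
    line: str      # the offending log line


def executable_path(cmd: str) -> str:
    """Strip arguments from a Run-key command line and return the program path.

    Handles quoted paths ("C:\\Program Files\\...\\kav.exe" /minimize) and
    unquoted paths that contain spaces (...\\DAO\\svchost.exe), which naive
    whitespace splitting would truncate.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage_line(line: str) -> list:
    """Return the findings for one log line (empty list if nothing is suspect)."""
    findings = []
    m = O4_RE.match(line)
    if m:
        path = executable_path(m.group("cmd"))
        folder, _, base = path.lower().rpartition("\\")
        if base in CORE_BINARIES:
            findings.append(Finding("O4", f"{base} registered under a Run key "
                                          f"({m.group('key')}); Windows starts it itself", line))
            if folder != SYSTEM32:
                findings.append(Finding("O4", f"{base} runs from '{folder or '<no path>'}' "
                                              f"instead of {SYSTEM32}", line))
        elif not folder:
            findings.append(Finding("O4", f"{base} given without a directory; "
                                          "resolved via the search path at logon", line))
        return findings
    m = O20_RE.match(line)
    if m and "(file missing)" in m.group("dll"):
        findings.append(Finding("O20", f"Winlogon Notify '{m.group('name')}' points at a "
                                       "DLL that no longer exists", line))
    m = R1_RE.match(line)
    if m:
        hosts = sorted({p.split("=", 1)[-1] for p in m.group("proxy").split(";")})
        findings.append(Finding("R1", f"IE traffic is routed through a proxy: {', '.join(hosts)}", line))
    return findings


def triage(log_text: str) -> list:
    """Run triage_line over every non-empty line of a log."""
    return [f for raw in log_text.splitlines() if raw.strip()
            for f in triage_line(raw.strip())]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run as a script it prints the findings for the sample; pass the text of a real log to triage() for the same checks. The R1 finding is informational: a proxy the owner configured is legitimate, one the owner cannot account for is not, and a bare filename under RunServices (winlog.exe above) is only a pointer to go and look, not proof of anything.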

lifehacker
April 15th, 2006, 02:32 PM
http://vil.nai.com/images/134757_d.gif


There, nice find Muffin_Man. It says "prevent anti-spy programs from running on the computer." We have found the culprit. Is Kaspersky always running in real-time on your computer, Violet Storm? If yes, what version are you using? It's interesting that Kaspersky could not find it; I wonder why (or maybe for some reason it's just not in KAV's signatures).

multi
April 15th, 2006, 02:55 PM
Is C:\WINDOWS\System32\PAStiSvc.exe related to this somehow, I wonder?
Seems a bit strange, whatever it is.

The Violet Storm
April 15th, 2006, 03:19 PM
WOAH BOYS!! Slow down, y'all are losing me here :-) English here for the one that feels behind! Teach me! In general terms, I am not known to be a computer retard, but I am sure feeling that way now.
I see nasty, nasty infection; where? when? How do I remove it? lol
I see PAStiSvc.exe in my system processes running pretty high; I have tried to close it out, but it seems to keep coming back. I have wondered if it was something nasty. Was thinking about googling it, but had not gotten around to it yet.

The Comcast Toolbar is a toolbar that is provided by my internet provider, Comcast, and yes, it does have a little spyware scanner on it and a pop-up blocker; that is where I access the web-mail and the internet security settings for enabling the content filter when my children use the internet. Not spyware, I didn't think, anyways.

OK, I am going to post the Silent Runners log.


"Silent Runners.vbs", revision 44, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"PINGER" = "C:\TOSHIBA\IVP\ISM\pinger.exe /run" ["TOSHIBA Corporation"]
"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]
"KAVPersonal50" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize" ["Kaspersky Lab"]
"Windows LSASS Service" = "C:\Program Files\Common Files\Microsoft Shared\DAO\svchost.exe" ["Home"]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Comcast Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL" [empty string]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! IE Services Button"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\yiesrvc.dll" ["Yahoo! Inc."]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{7C7A8947-5935-4430-AC0E-E7D04697414E}\(Default) = (no title provided)
-> {HKLM...CLSID} = "metaspinner GmbH"
\InProcServer32\(Default) = "C:\PROGRA~1\BUYERT~1\IEBUTT~2.DLL" [file not found]
{CD9B7762-DFBC-42B1-BB30-02A78287B456}\(Default) = (no title provided)
-> {HKLM...CLSID} = "metaspinner GmbH"
\InProcServer32\(Default) = "C:\PROGRA~1\BUYERT~1\IEBUTT~1.DLL" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{2F5AC606-70CF-461C-BFE1-6063670C3484}" = "Display CPL Extension"
-> {HKLM...CLSID} = "DisplayCplExt Class"
\InProcServer32\(Default) = "c:\Program Files\Toshiba\TouchED\TouchED.DLL" ["TOSHIBA Inc."]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.e" [file not found], [MS], [file not found], [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
INFECTION WARNING! WRNotifier\DLLName = "WRLogonNTF.dll" [file not found]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\shellex.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\shellex.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Stefanie Stucki\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\sstext3d.scr" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}"
-> {HKLM...CLSID} = "Comcast Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL" [empty string]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}" = (no title provided)
-> {HKLM...CLSID} = "Comcast Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL" [empty string]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\(Default) = (no title provided)
-> {HKLM...CLSID} = "&Yahoo! Messenger"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\(Default) = (no title provided)
-> {HKLM...CLSID} = "&Yahoo! Messenger"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll" ["Yahoo! Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\
"ButtonText" = "Yahoo! Services"
"CLSIDExtension" = "{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}"
-> {HKLM...CLSID} = "Yahoo! IE Services Button"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\yiesrvc.dll" ["Yahoo! Inc."]

{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

DVD-RAM_Service, DVD-RAM_Service, "C:\WINDOWS\System32\DVDRAMSV.exe" ["Matsushita Electric Industrial Co., Ltd."]
Kaspersky Anti-Virus Service, kavsvc, ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"" ["Kaspersky Lab"]
STI Simulator, STI Simulator, "C:\WINDOWS\System32\PAStiSvc.exe" [null data]
Swupdtmr, Swupdtmr, "c:\TOSHIBA\IVP\swupdate\swupdtmr.exe" [null data]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Dell Network Port\Driver = "LEXLMPM.DLL" [file not found]
LPR Port\Driver = "lprmon.dll" [MS]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 45 seconds, including 15 seconds for message boxes)

The Violet Storm
April 15th, 2006, 03:24 PM
Lifehacker, sorry, I didn't see your question until after this last post.
Yes, Kaspersky is always running in real-time on my laptop; I am using version 5.0.527. The scans are clean; it doesn't seem to find anything.

The Violet Storm
April 15th, 2006, 03:42 PM
Oh my. OK, that 007 spy software was an experimental thing that I downloaded just to see how it works, for my mother. I never used it, and well, uhmmm, I suppose I forgot about it. Was that a nasty download? From what I recall it telling me, it will show up in my system processes as an svchost, in my name, but it pretty much doesn't show up anywhere else, obviously, since it's spy software. I completely forgot about it, and now that I think about it, how in the heck would I remove that if it doesn't show up in the Control Panel?

multi
April 15th, 2006, 03:50 PM
Could
PAStiSvc.exe
be related to some webcam software?


It seems like 007 Spy Software is also obtained through those bundled screensaver installers.
You need a keylogger removal tool of some sort.
Some more info here:

http://www.spynomore.com/spyware-007-spy-software.htm

You need to pay for that tool :/
Not sure what the recommended free program for getting rid of it is... someone will put you on to something.

Is there an option in your antivirus to check for unwanted programs?

WTF is this?
http://spyware007.com/

Is this related to this shit?
Now I am getting confused...

lifehacker
April 15th, 2006, 04:12 PM
WTF is this?
http://spyware007.com/

Is this related to this shit?
Now I am getting confused...
007 seems to be a popular name (from Agent 007, James Bond).

Anybody know the exact list of anti-spyware applications this blocks?

The Violet Storm
April 15th, 2006, 07:40 PM
This is the link that I stupidly downloaded the 007 shit from:
http://www.e-spy-software.com/download.shtml

adidas_os
April 15th, 2006, 07:45 PM
Oops, my bad. Was thinking desktop, not laptop. I'm blind. Anyways, where I did my internship they had a neat trick. They would use an enclosure for an external drive (desktop hard drive size, not laptop HD size), and perhaps an adapter as well, to hook up a notebook/laptop drive through a desktop external enclosure via USB. Should be fairly cheap to purchase, or perhaps you can find someone who has these things. Then you can do what I proposed earlier. Or of course you can just reformat the hard drive and reinstall the OS and apps. One idea for the future may be to download all needed apps, drivers, etc., burn them to CD, redo everything/install everything/set everything the way you want it, and then use Norton Ghost to make a backup image. That way, if something bad happens again, you can easily get everything back to normal by restoring the image (takes approx. 30 min). This is not bad compared to everything you would normally have to do, which would take much longer! Good luck!

adidas_os
April 15th, 2006, 07:56 PM
Just to clarify I meant hooking up the laptop drive to a desktop computer via an external hard drive enclosure. But in my experience once your computer gets really infected with nasty stuff like what it sounds like you probably have it's better just to reformat & reinstall. But it's up to you. Good luck!

lifehacker
April 15th, 2006, 08:40 PM
This is the link that I stupidly downloaded the 007 shit from.
http://www.e-spy-software.com/download.shtml
lol, you actually downloaded the keylogger yourself. Read what you're downloading better next time. :drunken_s
Since you downloaded the keylogger yourself you should be able to do a simple uninstall (unless its a good keylogger meaning the uninstallation file is hidden/does not exist). Or you might try to go to the keylogger's options and see if you could do anything there.

kokanezub
April 15th, 2006, 09:09 PM
u no wut works wen u have givin up. install a fresh copy of windows either over ur current or on a new partition

The Violet Storm
April 15th, 2006, 10:58 PM
LOL!! Yes, I love it when after all the interest is taken into me to narrow down my nasty problem, and we all end up finding out I did it myself!!! And Ya'll get a good laugh!!! LUV THAT!! (crackin up over here!!!)

I did that a while ago (ok, a week and a half ago) when my mom was asking me how those kind of programs work, and I just did it, then forgot about it, it's true now that I think about it, that's when all my problems started. It seems worse today even, Mozilla is ghostly within seconds, along with, of course spybot and adaware.

So, ok, Lifehacker, this keylogger, that I need to uninstall......it's true, uninstall files are hidden/non-existent. And as for finding the options???? Never even used the darn program, downloaded it....forgot about it.
I vaguely remember it giving me a file address, (c/programfiles/commonfiles/microsoftshared/DAO----svchost) but it's not openable.
So, how do I uninstall?

multi
April 15th, 2006, 11:04 PM
you could give something like this a try
http://www.freedownloadscenter.com/Utilities/Misc__Utilities/Webroot_Spy_Sweeper_Smart_Spyware_Removal.html

The Violet Storm
April 15th, 2006, 11:17 PM
Multi, Is the 007 considered spyware?? This will wipe out the program?

multi
April 16th, 2006, 12:51 AM
not sure... i think from all accounts spyware blaster is pretty good and it's free
anyway
this one says it does
http://info.prevx.com/downloadremove.asp
but it's a 60-day trial

did you even look at any of the removal instructions on the pages that have been posted so far ?
like this one
http://vil.nai.com/vil/pups/configuration.aspx

lifehacker
April 16th, 2006, 07:17 AM
The Violet Storm, 007 would be considered spyware yet since neither ad-aware nor spybot were able to run I'm not sure which anti-spyware will. Ok this is what I want you to do press ctrl+alt+shift+every letter on your keyboard (in turn) and see if a window pops up asking you for a password. This is the default way of installation of a keylogger, you have to access its control panel by a key combination and a password.

The Violet Storm
April 16th, 2006, 07:28 AM
Holy F*#%!!!! Ok, getting old I know, SO.....I cannot download anything!!!! When I try, I click on run, and POOF!!! Gone!!
Multi, tried the spyware blaster, poof, poof, poof!!! It's not just firefox anymore, IE has joined in the fun.
Are we thinking.....new OS??
Yes, tried Multi.

The Violet Storm
April 16th, 2006, 07:30 AM
LIfehacker, trying that, here in a sec, will get back in a sec.

lifehacker
April 16th, 2006, 07:35 AM
Are we thinking.....new OS??
I doubt it's serious enough that you will have to reinstall windows.

The Violet Storm
April 16th, 2006, 07:37 AM
Nope No Luck!

lifehacker
April 16th, 2006, 07:38 AM
Hm, try ctrl+alt+shift+0 are you sure ctrl+alt+shift+k did not work?

The Hunter
April 16th, 2006, 07:39 AM
Some thoughts.
http://virusinfo.prevx.com/viruscenter.asp?GRP=4814500017

http://www.securemost.com/articles/trou_3_remove_007_spy_software.htm

The Hunter
April 16th, 2006, 07:43 AM
http://labs.paretologic.com/spyware.aspx?remove=007%20Spy%20Software

Edit:

http://www.waresight.com/keylogger_faq.shtml

The Violet Storm
April 16th, 2006, 08:23 AM
No Luck Lifehacker. :-(

The Violet Storm
April 16th, 2006, 08:28 AM
Ok, installing PrevX1 right now, cant believe its letting me.

lifehacker
April 16th, 2006, 09:01 AM
You could always try an online scanner. Or try one of these scanners: Windows AS Beta, CounterSpy, SpySweeper, SpywareDoctor, PestPatrol, a-squared, Ewido, TrojanHunter, BitDefender, Avast! or AVG.
I'm still very surprised that Kaspersky wasn't able to stop this. Is your Kaspersky properly updated?

The Hunter
April 16th, 2006, 09:03 AM
Violet I got my fingers crossed for you, and let me know how you make out.

The Violet Storm
April 16th, 2006, 10:32 AM
Hunter, relax those fingers!!
The Prevx1 did the trick, (I hope anyways) It found the 007 as Malware and Jailed it. It also found 5 other malicious files and put them in the holding cell, they did not pass go, they did not collect 200$. :-)
My question is......this is just the trial version of this program, so when the trial period is over, and I don't purchase it, (cuz I just don't do that, :-)........ is that the get out of Jail free card?????
Lifehacker, not sure why Kaspersky didn't kabosh my curiosity from the start of this irresponsible click, but yes it is fully updated, sometimes hourly it seems. And it has definitely stopped other things, so I know it's doing something.
Thank you so much for all the attentiveness. Feelin the cyber love!! Ya'll ROCK!!

All I know so far is that Ad-aware loaded, haven't tried to scan yet, but the assumption is that it's gonna work. (snort)

The Hunter
April 16th, 2006, 10:54 AM
I'm not sure what happens when the trial period is over, but at the very least it bought you some time. I'm only too glad to help.

lifehacker
April 16th, 2006, 11:29 AM
My question is......this is just the trial version of this program, so when the trial period is over, and I dont purchase it, (cuz I just dont do that, :-)........ is that the get out of Jail free card?????
No I doubt it is. Your anti-spyware likely just removed the 007 keylogger not the trial from it.

Another question about your Kaspersky, what version are you running as well as what settings are you using? Sorry for all the questions about Kaspersky but I test different AVs and this is a major failure for KAV, so I'm wondering how it happened.

The Hunter
April 16th, 2006, 11:40 AM
It is not a failure of the antivirus, as they generally do a poor job of this kind of thing. You generally need a specialized tool for this job.

The Hunter
April 16th, 2006, 12:39 PM
This may also be of some help.

http://free.prevx.com/

lifehacker
April 16th, 2006, 12:44 PM
It is not a failure of the antivirus, as they generally do a poor job of this kind of thing. You generally need a specialized tool for this job.
That is true about some AVs but not in this case. Kaspersky has a higher spyware detection rate than almost any other anti-spyware including ad-aware, spyBot, SpySweeper, Microsoft Antispyware, WebRoot's, PestPatrol and many others. It is very surprising that Kaspersky's OD scanner could not find this.

multi
April 16th, 2006, 01:23 PM
this one says it does
http://info.prevx.com/downloadremove.asp
but it's a 60-day trial

hope it can get rid of it..
Yes, tried Multi.
:icon_shak


if worse comes to worse, a new install of windows is always nice
just don't forget to back up as much as you can

Muffin_Man
April 16th, 2006, 01:24 PM
Is the proxy still there? If so, I'd remove it.

multi
April 16th, 2006, 01:32 PM
apparently it's an old IP (in that log)
already PMed him about that one

The Hunter
April 16th, 2006, 01:38 PM
Violet it sounds like if you turn off the automatic jailing feature, you won't be able to turn it back on unless you buy it.
as long as it solves your problem, that's the main thing.

All our products (ABC, Family, Enterprise etc.) can be trialed on a single PC.

* During the initial 45-day trial, you can use Prevx 1 the same as the fully paid version.
* At the end of the trial period, the automatic "jailing" feature can be disabled. Prevx 1 will continue to detect and warn you about malware, but to enable the Jail again, you will need to upgrade to the paid version. You can upgrade from the trial to the full version at any time.

The Violet Storm
April 16th, 2006, 03:32 PM
LifeHacker, I am using version 5.0.527, now as for the settings, tell me exactly what you are looking for, I could get into some real detail here that might not be what you want.

Multi, Female, you PM'd HER. :-) he he

multi
April 16th, 2006, 04:06 PM
my bad !

wasn't thinking at all
:icon_shak

The Hunter
April 16th, 2006, 04:45 PM
http://www.pcworld.com/resource/infocenter/0,ctrid,7,ic,SpywareandSecurity,00.asp

littlebits
April 16th, 2006, 05:42 PM
This may also be of some help.

http://free.prevx.com/

I just downloaded and installed this program to see how it would stand up to other programs that I've used.

First I scanned my computer with Nod32, Webroot SpySweeper, Ad-Aware SE, Spybot S&D and BitDefender's online scanner. My system was found to be 100% clean by all.

Then I scanned with PreVX1 and it found 5 malwares after taking over 3 hours to scan.
The malwares it found were all false positives. Moved them all to the jail.
1. BearShareLite (webstats.exe)
2. C:\Program Files\Mario Forever\Mario Forever.exe (a clean game)
3. C:\WINDOWS\system32\SVKP.sys (SVKP driver for NT Microsoft)
4. C:\Program Files\Mario Forever\uninst.exe (the game's uninstaller)
5. C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP276\A0054817.exe (which is system restore file for Mario Forever's installer)


Based on these false positives, I would never trust this program.

I moved the files back to my computer and uninstalled this program.


Thanks.:icon_thum

The Violet Storm
April 16th, 2006, 05:49 PM
Lifehacker, here is some of the details on my settings, again version 5.0.527, Let me know if you need more.

Real Time Protection settings--Real Time File Protection, Macros and Script Monitoring is Enabled on the
Recommended level.
--Detected objects are Prompted for action.
--Also for Mail, Dangerous are disinfected or Deleted, Quarantined if suspicious.
--Real Time protection against network attacks is Enabled and set to notify user.
(not set on stealth mode)
--Scan levels set on Recommended.
--Automatic updates are set for every 3 hours, critical.

lifehacker
April 16th, 2006, 05:56 PM
Real Time Protection settings--Real Time File Protection, Macros and Script Monitoring is Enabled on the
Recommended level.
--Detected objects are Prompted for action.
--Also for Mail, Dangerous are disinfected or Deleted, Quarantined if suspicious.
--Real Time protection against network attacks is Enabled and set to notify user.
(not set on stealth mode)
--Scan levels set on Recommended.
--Automatic updates are set for every 3 hours, critical.
Thanks thats exactly what I needed.

The Hunter
April 16th, 2006, 06:38 PM
littlebits be that as it may, it did find and quarantine 007 for her after the other ones failed. I have also had false positives with many programs, and I don't find that any more troubling than having many programs miss the actual problem. What it does come down to, is that we all have to be more careful about what is going on with our computers, and before installing, or removing things to be sure and do a thorough search so we are sure we are going to get the desired results.

littlebits
April 16th, 2006, 08:21 PM
I'm glad this program worked for her and she got rid of this crap, but under normal conditions if her programs weren't disabled, others would have done the same job. Just didn't want anyone to get the impression that PreVX1 is the only program that will remove 007.

Webroot SpySweeper- http://research.spysweeper.com/search.php search for "UFP 007 Spy"
PestPatrol- http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453082794
Spybot S&D- http://www.safer-networking.org/en/ look at Updates 14. April 2006 "007 Spy Software"
PCTools SpywareDoctor- http://www.pctools.com/mrc/infections/id/007+Keylogger
Symantec Products(Norton)- http://securityresponse.symantec.com/avcenter/venc/data/spyware.007spy.html

Those are the ones that I could find that detected and removed 007 spyware, but I'm sure that Ad-Aware SE and many other adware/spyware and some AntiVirus software will also detect and remove 007 spyware.

SpywareBlaster and SpywareGuard will prevent 007 spyware from getting installed in the first place.
Both are free- http://www.javacoolsoftware.com/products.html


Thanks.:icon_salu

The Violet Storm
April 16th, 2006, 11:23 PM
Yes littlebits, the problem was not that I didn't have the proper protection. Apparently the 007 disabled my Spybot and Ad-aware from even being able to load. So how can they find it and get rid of it when they get cut off at the knees before they have the chance. It's a mystery as to how I pulled this off without even Kaspersky blinking an eye. (or maybe it's not?)
I suppose luckily the prevx1 didn't remove anything that it shouldn't have, just all the files related with 007, which is the job it was given.
Mozilla, IE and the rest of the gang is all running smoothly again. I suppose that was the goal of this hot topic of the freakin week eh? Me Me, Me, it was all about ME! :-)
Again thank you boys!!

multi
April 17th, 2006, 12:09 AM
http://stopbadware.org/home/new

if you can be bothered ...

glad it's all going smoothly again for ya !

The Hunter
April 18th, 2006, 03:39 PM
I find it a bit funny that some folks don't like my solution, although it did work. If you have better ways to solve a problem then speak up. I waited until others tried to help, and then offered possible cures, one of which actually worked. I was not greatly concerned about her having false positives, just killing the piece of crap that was causing grief.

multi
April 18th, 2006, 05:03 PM
out of all the stuff i looked for, the prevx seem to be the only one that went after the 007spy thing...wasn't sure about spy sweeper/blaster. Credit where credit's due, Muffin Man found that rogue svchost which i totally missed in the hijackthis log

Its good seeing people help each other out, working on someone else's problem
one thing i have always liked about this place

The Violet Storm
April 18th, 2006, 09:42 PM
Everything seems to be back to normal, the only thing I have noticed is that Firefox is loading quite a bit slower than it used to. A while back, I had tweaked it to the point that it dumped new windows pretty laser like.....but it seems to have lost that capability. Not sure if it is a result of all this or not.
But other than that, All systems a go.

multi
April 19th, 2006, 12:06 AM
get the latest version if you haven't already.
there is a cool little app called fire tune
that gets it tweaked quite nicely..
http://www.totalidea.com/freestuff4.htm

websnooky
February 24th, 2008, 03:51 PM
Well, it's been almost a year since this post started but I've stumbled upon 007 Spyware this afternoon at my friend's PC.

After a search I found the SVCHOST.EXE in a wrong place to be started. I've used Process Explorer from Sysinternals (now microsoft) to kill the process!
After this SpyBot installed like a charm! Even with updates and removed the 007 Spyware with ease. No more SVCHOST.EXE at bootup!

Maybe a year too late for "The Violet Storm" but hey - maybe for some other folks out there!
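
The check websnooky describes, a copy of svchost.exe started from somewhere other than the Windows system directory, can be done mechanically over a process listing. The script below is an added example for this thread, not code posted by any participant or shipped with any of the tools named here. It works on constructed sample data in the shape (pid, parent pid, image name, full path), as you would get from Process Explorer or `wmic process get ProcessId,ParentProcessId,Name,ExecutablePath`; the DAO path is the one The Violet Storm quoted, the other entries are made up. It flags every svchost.exe that does not run from %SystemRoot%\System32 (or SysWOW64 on 64-bit Windows) or whose parent is not services.exe, which is what a genuine service host's parent is. SYSTEM_ROOT is assumed to be C:\WINDOWS for the sample; on a real machine read it from the environment.

```python
"""Flag svchost.exe processes that run from the wrong place or have the wrong parent.

Added example for this thread (not code from any post or product). The process
list is constructed sample data; on a live system feed in the real listing.
"""
import ntpath  # Windows path semantics regardless of where this script runs

# Assumption for the sample data: system root is C:\WINDOWS. On a real box use
# os.environ["SystemRoot"].
SYSTEM_ROOT = r"C:\WINDOWS"

# Directories a genuine svchost.exe may run from (compared case-insensitively).
EXPECTED_SVCHOST_DIRS = {
    ntpath.normcase(ntpath.join(SYSTEM_ROOT, "system32")),
    ntpath.normcase(ntpath.join(SYSTEM_ROOT, "syswow64")),  # 64-bit Windows only
}

# Constructed sample listing: (pid, parent pid, image name, full path).
# Pid 2212 uses the path quoted in the thread; everything else is made up.
SAMPLE_PROCESSES = [
    (4,    0,    "System",       ""),
    (700,  624,  "services.exe", r"C:\WINDOWS\system32\services.exe"),
    (812,  700,  "svchost.exe",  r"C:\WINDOWS\system32\svchost.exe"),
    (900,  700,  "svchost.exe",  r"C:\WINDOWS\System32\svchost.exe"),
    (1640, 1580, "explorer.exe", r"C:\WINDOWS\explorer.exe"),
    (2212, 1640, "svchost.exe",  r"C:\Program Files\Common Files\Microsoft Shared\DAO\svchost.exe"),
    (2300, 1640, "SVCHOST.EXE",  ""),  # path could not be read
]


def svchost_findings(processes):
    """Return [(pid, path, [reasons])] for every svchost.exe that looks out of place.

    A process is flagged when its image directory is not an expected system
    directory, when its path cannot be read at all (worth a manual look), or
    when its parent is anything other than services.exe.
    """
    by_pid = {pid: (ppid, name, path) for pid, ppid, name, path in processes}
    findings = []
    for pid, ppid, name, path in processes:
        if ntpath.normcase(name) != "svchost.exe":
            continue
        reasons = []
        if not path:
            reasons.append("image path not readable")
        elif ntpath.normcase(ntpath.dirname(path)) not in EXPECTED_SVCHOST_DIRS:
            reasons.append("runs from %s" % ntpath.dirname(path))
        parent_name = by_pid.get(ppid, (None, "", ""))[1]
        if ntpath.normcase(parent_name) != "services.exe":
            reasons.append("parent is %s (pid %d), not services.exe"
                           % (parent_name or "unknown", ppid))
        if reasons:
            findings.append((pid, path, reasons))
    return findings


def flagged_pids(processes):
    """Convenience: just the pids of the flagged svchost.exe instances."""
    return sorted(pid for pid, _path, _reasons in svchost_findings(processes))


if __name__ == "__main__":
    for pid, path, reasons in svchost_findings(SAMPLE_PROCESSES):
        print("pid %d  %s" % (pid, path or "<no path>"))
        for reason in reasons:
            print("    - " + reason)
```

On the sample data the two legitimate service hosts (pids 812 and 900) pass both tests and the two others are reported with the reason for each, which is the same judgement websnooky made by eye in Process Explorer before killing the process and letting Spybot install.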

mfgbypooter
February 24th, 2008, 03:54 PM
hell it's been almost 2 years.


Feather
February 24th, 2008, 05:42 PM
can we start banning idiots resurrecting old dead threads

Mels_Smileys45
February 24th, 2008, 06:44 PM
I love old threads. It's what the "search" Button is for.

DasFox
February 24th, 2008, 06:54 PM
This is so funny I was just looking at this post not even 5 mins. ago wondering if I should reply to it and wake it up, and then Feather and Mels_Smileys45 reply, LOL....

w31n3r
February 25th, 2008, 02:14 AM
I love old threads. Its what the "search" Button is for.

lets see...
"use the search function you dumb f*@k!" (or to that effect)

or

"throw the thread bumping ba$ta3d to the lions" (or to that effect)

i'd like to agree with you mels, but it's time to go into lemming mode:

burn that newb in hell!!