not sure if this is the area for this or not, but here goes
-
- Registered User
- Posts: 4
- Joined: July 29th, 2005, 2:00 am
OK, I've been told that even though I delete stuff from my computer, it's still there. So say I've downloaded stuff from a P2P like Kazaa or Shareaza, then after viewing the file I right-click and click delete file: is it really gone, or is it still in there somewhere hidden? And if it is, how can I permanently get rid of all of this? I'm sure you all know what I'm talking about, but I haven't got the foggiest. Now I also have another problem: I use Firefox and my GF uses IE. Lately I've been getting IE popping up all the time, usually with the screen, account frozen access denied page loaded. What can I do here to get rid of this? There's a toolbar on it that I can't delete or seem to get rid of, and I'm almost sure that's causing a lot of the trouble; at least that's when it all started.
-
- Registered User
- Posts: 512
- Joined: December 14th, 2004, 8:47 pm
- Location: Buffalo, New York
You have been to peer-to-peer networks; your computer is now loaded with spyware apps at the least. Most users avoid them, like free porn sites, nothing but trouble. You have to start out with a few things here.
A. Get SP2, enable firewall, get all updates
1 Do an update on your virus software, run a complete scan.
2 Get and run AdAware, update and run.
3 Get, update, and run CCshreader.
4 Get, update, Kazaa Begone.
5 Do steps 1 - 4 again
6 If no improvement, you must download and run HijackThis and post a log
http://www.lavasoft.de/software/adaware/
http://www.spywareinfo.com/~merijn/files/HijackThis.exe
http://www.spywareinfo.com/~merijn/downloads.html
http://www.microsoft.com/athome/securit ... about.mspx
If I could remember all I have forgotten, I would be a smart man.
-
- Registered User
- Posts: 4
- Joined: July 29th, 2005, 2:00 am
OK, how about my other question: is the stuff I delete stored, and how do I get rid of it all?
Oh, and here's a log from HijackThis:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\mx.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Eset\nod32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUMENTS AND SETTINGS\MATT AND NICOLE\DESKTOP\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.stvidgzcrcbjosburk.uk/WIutcV ... AB1Bau.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uithfdfqdtbhrjijfrxu.org/WIu ... NKZFs.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F6F5A78-A7A6-1C41-BB5D-1C3F119F0EDA} - C:\DOCUME~1\MATTAN~1\APPLIC~1\CURBBO~1\Procsecond.exe
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Adware Remover] C:\mx.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunServices: [update.exe] C:\WINDOWS\System32\update.exe
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [MSN MMISSENGER] mssmmspgr.exe
O4 - HKCU\..\Run: [inter pile] C:\DOCUME~1\MATTAN~1\APPLIC~1\2GRIDF~1\Ref Flaw.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: TweakIE 3.1 - {79F436C2-3CA2-45A4-A52E-694B23DFFA88} - C:\Program Files\TweakIE 3.1\TweakIE.exe (file missing)
O9 - Extra 'Tools' menuitem: TweakIE 3.1 - {79F436C2-3CA2-45A4-A52E-694B23DFFA88} - C:\Program Files\TweakIE 3.1\TweakIE.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: aans - {3037FC09-62A6-4446-AA30-BB9DB0CD9B65} - http://www.aansontheweb.net (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: aans - {3037FC09-62A6-4446-AA30-BB9DB0CD9B65} - http://www.aansontheweb.net (file missing) (HKCU)
O9 - Extra button: nicole's work e-mail - {46FBD990-906E-4cd1-83EB-0523EE60006B} - http://www.nscc.ca/intranet (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: nicole's work e-mail - {46FBD990-906E-4cd1-83EB-0523EE60006B} - http://www.nscc.ca/intranet (file missing) (HKCU)
O9 - Extra button: http://www.nscc - {49A4746B-488B-4843-9C66-F8C97464CF19} - http://www.nscc.ca/intranet (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: http://www.nscc - {49A4746B-488B-4843-9C66-F8C97464CF19} - http://www.nscc.ca/intranet (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O9 - Extra button: AddaButton - {D0281F6F-F450-4baa-A932-16EDDFD9F219} - C:\Program Files\AddaButton\aab.exe (HKCU)
O9 - Extra 'Tools' menuitem: AddaButton - {D0281F6F-F450-4baa-A932-16EDDFD9F219} - C:\Program Files\AddaButton\aab.exe (HKCU)
O9 - Extra button: nicole's work e-mail - {D7C9BA79-A8C8-442e-B239-6C571815DBD4} - http://www.nscc.ca/intranet (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: nicole's work e-mail - {D7C9BA79-A8C8-442e-B239-6C571815DBD4} - http://www.nscc.ca/intranet (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Media ... dge-c5.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://www.gov.ns.ca/tran/cameras/msxml4.cab
O16 - DPF: {9AE283A5-DF43-4C83-B6AA-7EBDBDB0204A} (VacPro.canada_ver10) - http://advnt01.com/dialer/can_ver10.CAB
O16 - DPF: {A891DF3C-858A-453B-B45A-EB7325295FE7} (Hi5 ToolBar) - http://toolbar.hi5.com/files/hi5bar.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{989A0142-26A9-48C1-BB90-CF62CE4CEB25}: NameServer = 142.177.1.2 142.177.129.11
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
-
- Registered User
- Posts: 512
- Joined: December 14th, 2004, 8:47 pm
- Location: Buffalo, New York
You have a lot of nasties in your computer. Check the log and fix all the nasties, fix all the file missing entries, and check the other entries; if you don't recognise them, fix them. Then repost after you do this.
Now, deleted files: yes, even after you delete them they are still there. For example, if you deleted dos.exe it would show up as xos.exe if the file were to be recovered by recovery software. There is a program with which you can delete and shred files, and it's free.
http://www.snapfiles.com/get/simplefileshredder.html
C:\mx.exe
Unknown running process. (mx.exe) This is a unknown process
C:\Program Files\Eset\nod32.exe
Unknown running process. (nod32.exe) This is a unknown process.
O2 - BHO: (no name) - {0F6F5A78-A7A6-1C41-BB5D-1C3F119F0EDA} - C:\DOCUME~1\MATTAN~1\APPLIC~1\CURBBO~1\Procsecond.exe
Unknown Entries found in this registry zone are potentially nasty. This application ([0F6F5A78-A7A6-1C41-BB5D-1C3F119F0EDA] - Result: ) has been checked. Hit rate: -1 % Unknown application
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
Nasty Entries found in this registry zone are potentially nasty. This application ([4A2AACF3-ADF6-11D5-98A9-00E018981B9E] - Result: 4A2AACF3-ADF6-11D5-98A9-00E018981B9E) has been checked. Hit rate: 99 %
Must be fixed!
O4 - HKLM\..\Run: [Adware Remover] C:\mx.exe
Unknown
Hit rate: 4 % (result) Unknown application.
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
Nasty New Dot Net Spyware
Hit rate: 99 % (result) Must be fixed
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
Nasty W32.Kelvir.B
Hit rate: 99 % (result) Must be fixed!
O4 - HKLM\..\RunServices: [MSN MMISSENGER] mssmmspgr.exe
Nasty W32.Kelvir.aj
Hit rate: 99 % (result) Must be fixed!
O4 - HKCU\..\Run: [inter pile] C:\DOCUME~1\MATTAN~1\APPLIC~1\2GRIDF~1\Ref Flaw.exe
Unknown
Hit rate: 13 % (result) Unknown application
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
Nasty The entry &AIM Search has been identified as nasty.
O9 - Extra button: aans - {3037FC09-62A6-4446-AA30-BB9DB0CD9B65} - http://www.aansontheweb.net (file missing) (HKCU)
Unnecessarily Unknown buttons or entries in the 'Extras'-menu should be fixed.
To be fixed if the entry 'aans ' is unknown.
Unnecessary (deactivated) entry that can be fixed.
O9 - Extra 'Tools' menuitem: aans - {3037FC09-62A6-4446-AA30-BB9DB0CD9B65} - http://www.aansontheweb.net (file missing) (HKCU)
Unnecessarily Unknown buttons or entries in the 'Extras'-menu should be fixed.
To be fixed if the entry 'aans ' is unknown.
Unnecessary (deactivated) entry that can be fixed.
O9 - Extra button: nicole's work e-mail - {46FBD990-906E-4cd1-83EB-0523EE60006B} - http://www.nscc.ca/intranet (file missing) (HKCU)
Unnecessarily Unknown buttons or entries in the 'Extras'-menu should be fixed.
To be fixed if the entry 'nicole's work e' is unknown.
Unnecessary (deactivated) entry that can be fixed.
O9 - Extra 'Tools' menuitem: nicole's work e-mail - {46FBD990-906E-4cd1-83EB-0523EE60006B} - http://www.nscc.ca/intranet (file missing) (HKCU)
Unnecessarily Unknown buttons or entries in the 'Extras'-menu should be fixed.
To be fixed if the entry 'nicole's work e' is unknown.
Unnecessary (deactivated) entry that can be fixed.
O9 - Extra button: http://www.nscc - {49A4746B-488B-4843-9C66-F8C97464CF19} - http://www.nscc.ca/intranet (file missing) (HKCU)
Unnecessarily Unknown buttons or entries in the 'Extras'-menu should be fixed.
To be fixed if the entry 'www.nscc ' is unknown.
Unnecessary (deactivated) entry that can be fixed.
O9 - Extra 'Tools' menuitem: http://www.nscc - {49A4746B-488B-4843-9C66-F8C97464CF19} - http://www.nscc.ca/intranet (file missing) (HKCU)
Unnecessarily Unknown buttons or entries in the 'Extras'-menu should be fixed.
To be fixed if the entry 'www.nscc ' is unknown.
Unnecessary (deactivated) entry that can be fixed.
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
Unnecessarily Unknown buttons or entries in the 'Extras'-menu should be fixed.
To be fixed if the entry 'WeatherBug ' is unknown.
Unnecessary (deactivated) entry that can be fixed.
O9 - Extra button: AddaButton - {D0281F6F-F450-4baa-A932-16EDDFD9F219} - C:\Program Files\AddaButton\aab.exe (HKCU)
Possibly nasty Unknown buttons or entries in the 'Extras'-menu should be fixed.
To be fixed if the entry 'AddaButton ' is unknown.
O9 - Extra 'Tools' menuitem: AddaButton - {D0281F6F-F450-4baa-A932-16EDDFD9F219} - C:\Program Files\AddaButton\aab.exe (HKCU)
Possibly nasty Unknown buttons or entries in the 'Extras'-menu should be fixed.
To be fixed if the entry 'AddaButton ' is unknown.
O9 - Extra button: nicole's work e-mail - {D7C9BA79-A8C8-442e-B239-6C571815DBD4} - http://www.nscc.ca/intranet (file missing) (HKCU)
Unnecessarily Unknown buttons or entries in the 'Extras'-menu should be fixed.
To be fixed if the entry 'nicole's work e' is unknown.
Unnecessary (deactivated) entry that can be fixed.
O9 - Extra 'Tools' menuitem: nicole's work e-mail - {D7C9BA79-A8C8-442e-B239-6C571815DBD4} - http://www.nscc.ca/intranet (file missing) (HKCU)
Unnecessarily Unknown buttons or entries in the 'Extras'-menu should be fixed.
To be fixed if the entry 'nicole's work e' is unknown.
Unnecessary (deactivated) entry that can be fixed.
O10 - Hijacked Internet access by New.Net
Nasty This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.
Check your hard disc drive with Spybot S&D from Kolla.de or LSPFix from Cexx.org.
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Media ... dge-c5.cab
Nasty This entry is possibly nasty.
Should be fixed.
O16 - DPF: {9AE283A5-DF43-4C83-B6AA-7EBDBDB0204A} (VacPro.canada_ver10) - http://advnt01.com/dialer/can_ver10.CAB
Nasty This entry is possibly nasty.
Should be fixed
O16 - DPF: {A891DF3C-858A-453B-B45A-EB7325295FE7} (Hi5 ToolBar) - http://toolbar.hi5.com/files/hi5bar.cab
Possibly nasty Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed!
Check if you know this site and fix it if you do not.
O17 - HKLM\System\CCS\Services\Tcpip\..\{989A0142-26A9-48C1-BB90-CF62CE4CEB25}: NameServer = 142.177.1.2 142.177.129.11
Possibly nasty If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too.
Do you know the IP or Domain '142.177.1.2 142.177.129.11'? If not, fix this entry.
If I could remember all I have forgotten, I would be a smart man.
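A small triage pass over HijackThis-style lines like the ones in this thread, as an added example that is not part of the original posts and is neither HijackThis's own logic nor that of the analysis quoted in the reply above. The flagging rules and the names `reasons_for` and `triage` are assumptions chosen for illustration; the sample lines are copied from the posted log.

```python
import re

# Constructed sample: seven lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0F6F5A78-A7A6-1C41-BB5D-1C3F119F0EDA} - C:\DOCUME~1\MATTAN~1\APPLIC~1\CURBBO~1\Procsecond.exe
O4 - HKLM\..\Run: [Adware Remover] C:\mx.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O16 - DPF: {9AE283A5-DF43-4C83-B6AA-7EBDBDB0204A} (VacPro.canada_ver10) - http://advnt01.com/dialer/can_ver10.CAB
"""

ENTRY = re.compile(r"^([RO]\d{1,2}) - (.*)$")        # "<section code> - <body>"
AUTORUN = re.compile(r"^\S+: \[[^\]]*\] (.*)$")       # "<key>: [<name>] <command>"
DRIVE_ROOT = re.compile(r"^[A-Za-z]:\\[^\\]+$")       # executable directly in the drive root
DPF_WORDS = ("dialer", "casino", "free plugin")       # words named in the quoted analysis

def reasons_for(code, body):
    """Return review reasons for one entry; the rules are this example's assumptions."""
    out = []
    if "(file missing)" in body:
        out.append("target file missing (orphaned entry)")
    if code == "O2" and body.lower().endswith(".exe"):
        out.append("BHO registered to an .exe (BHOs load as DLLs)")
    if code == "O4":
        m = AUTORUN.match(body)
        cmd = m.group(1).strip('"') if m else ""
        if cmd and DRIVE_ROOT.match(cmd):
            out.append("autorun executable sits in the drive root")
        elif cmd and "\\" not in cmd.split()[0]:
            out.append("autorun has no full path")
    if code == "O10":
        out.append("Winsock LSP changed: repair with an LSP tool, do not just fix")
    if code == "O16" and any(w in body.lower() for w in DPF_WORDS):
        out.append("ActiveX download URL contains a keyword from the analysis")
    return out

def triage(log_text):
    """Parse HijackThis-style lines; return (code, body, reasons) for flagged entries."""
    hits = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    scored = [(m.group(1), m.group(2), reasons_for(*m.groups())) for m in hits if m]
    return [entry for entry in scored if entry[2]]

if __name__ == "__main__":
    for code, body, why in triage(SAMPLE_LOG):
        print(f"{code:<4}{'; '.join(why)}\n    {body}")
```

A flag here means "look at this entry", not "this is malware"; the unflagged nod32kui line is the benign control in the sample.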
-
- Registered User
- Posts: 512
- Joined: December 14th, 2004, 8:47 pm
- Location: Buffalo, New York
You can use the file shredder utility I suggested before, or you can do a defrag. That will destroy deleted files as it moves the files from sector to sector. Of course, if you really want to get rid of all traces, even forensic traces, you will have to format, then do a data fill of ones and zeros. This can be done with a program from the Ultimate Boot CD.
If I could remember all I have forgotten, I would be a smart man.
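What a "data fill of ones and zeros" looks like for a single file, as an added example that is not part of the original thread and is not the code of any tool named in it. The function names are hypothetical, the test file is constructed, and the code assumes a filesystem that rewrites a file's existing blocks in place.

```python
import os
import tempfile

def overwrite_in_place(path, fills=(b"\xff", b"\x00"), chunk=64 * 1024):
    """Overwrite every byte of `path` once per fill value; return the file size.

    Assumption: the filesystem rewrites the file's existing blocks in place.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:           # r+b: modify without truncating
        for fill in fills:
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                fh.write(fill * n)
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())           # force this pass to the device
    return size

def shred(path):
    """Overwrite the contents, rename away the original name, then delete."""
    size = overwrite_in_place(path)
    neutral = os.path.join(os.path.dirname(os.path.abspath(path)), os.urandom(8).hex())
    os.replace(path, neutral)               # swap the original name for a random one
    os.remove(neutral)
    return size

def demo():
    """Constructed file: confirm the marker is gone before the file is deleted."""
    fd, path = tempfile.mkstemp(suffix=".dat")
    with os.fdopen(fd, "wb") as fh:
        fh.write(b"SECRET-MARKER" * 1000)
    overwrite_in_place(path)
    with open(path, "rb") as fh:
        after = fh.read()
    shred(path)
    return after, os.path.exists(path)

if __name__ == "__main__":
    after, still_there = demo()
    print(len(after), b"SECRET-MARKER" in after, set(after), still_there)
```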