ad/spyware that's currently kicking my ass

x2

:rofl: !!! :ugh2:

no it’s amandas computer

So did any of this help?

i didn’t take out everything that sonny said cuz half of that was the spyware program i want running (ewido) but i did take out the temp ones and i didn’t see the message pop up

none of those need to launch on startup… a simple dll exploit can attach a running process to a startup process post-startup… so the service will load under the executable it exploits.

startup should be barren…

dump temp files and BS files that have been recently modified in sys32…

it’s just one file out there that’s a pointer for something on the interweb to cast the pop ups to.

but without them in startup then i’d have to have her manually start the program that runs in the background for scanning…she’s not gonna do that

on a side note my IE on my work laptop won’t load all the images on a web page

More spyware… this has been discussed in the “Help” forum already, General G had the same problem.

Did you do all the spyware scans with Windows in Safe Mode? I didn’t see that you said you did that. I had a nasty one that wouldn’t show up unless I had Windows in safe mode, and then it would trick me into pressing the button that kept it on the computer.

do people not read the first line in threads? both you and newchic missed the very first line

can’t find any info on it, ran adaware, spybot, microsoft spyware removal, spy detector something or other, and ewido…i ran ewido last (in safe mode) and it detected another 23 that the others did not find but there’s 1 more left.

I skimmed over it. You never mentioned after that.

i’m running it again today and it’s found 30 more since yesterday

the problem is that you aren’t finding 30 of anything… you are finding one exploited dll file that is making your shitty ‘spam / ad’ scanning software think it’s found something… it’s a run around, and it’s how an exploited file gets around scans.

the logical thing to do, is as i stated… dump all the bullshit startup files, kill anything in the system folders that are modified and/or questionable about the modified date and are NOT unique windows files,

then dump the profile, reboot into the admin profile, kill startups, dump temp files in ‘sweety’ profile, as well as, cached IE temps

then restart under the renovated startup, change ‘sweety’ to a local USER (not admin) and launch her profile… if it’s clean… go online and update shit.

virus protection is key… firewall is key (hardware is money, software will get you by) spam / ad scanners are garbage.

i hope you aren’t doing all this with the network cable plugged in :rofl:

so you’re telling me that the 30 registry entries/paths that it’s finding are not 30 different things when it shows me where everything is?

no network cable is unplugged

correct… they are reregistered dumps from the same exploit so that it can avoid being caught ‘real-time’ during scans

computers are gay. people that think its cool to fuck up other peoples computers are even gayer.

sonny what’s this all about (can’t find any valid google info on it)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

no idea?