Top | #21 |
Bow Down to the King
Joined: April 2002
Location: New York
Posts: 13,312
Reputation: 4090
Power: 297 |
AM, I tried hard coding DNS and IPs. Didn't make any difference.
Mark, that's what I see happening. I've spent too much time on it as is.
Johnny, I did that already. I uninstalled Norton 2008 and used the cleanup utilities to remove all traces.
Carp (again), no. I wish it were that simple.
Top | #22 |
OSNN Veteran Addict
Joined: April 2003
Location: In The Void
Posts: 6,373
Blog Entries: 9
Reputation: 1877
Power: 193 |
I would say try OpenDNS but I get the feeling the issue would still be there; there has to be something hiding deep somewhere.
http://www.xp-vista.com/spyware-remo...antivirus-2008 might help. As I said before, maybe something wasn't removed; some programs can't seem to remove everything. Also, as I said before using Bonjour as an example (guess I wasn't clear), LSPFix only fixes issues in the Winsock layer once the DLLs have been unregistered and removed, and they show as orphaned or such.
If the above don't work then I'm not sure I can help further, that is unless you can tell us what else you found, if anything.
OK, maybe one last thing I can think of: a program I have heard about but not used, RogueFix, supposed to find and fix quite a few issues. Again, never having used it I will not vouch for it, but if and when you get desperate, anything is worth a try.
Top | #23 |
OSNN Senior Addict
Joined: January 2004
Location: Kansas
Posts: 431
Reputation: 590
Power: 112 |
In a previous post you said iexplore.exe is running at startup when IE is not… is it IEXPLORE.exe in all caps? If so, I wonder if this is what you're dealing with?
Prevx: I've never used their software but posted the link for informational purposes.
Top | #24 |
OSNN Veteran Addict
Joined: April 2003
Location: In The Void
Posts: 6,373
Blog Entries: 9
Reputation: 1877
Power: 193 |
Yes, I was thinking that, but last time I saw that pop its head up I had to boot the PC in safe mode and let Spybot do its thing, and that was only because it couldn't remove the files that were in use as they were locked.
That and you should be able to delete the folder in c:\program files too - just have to make sure it's not hiding in System Restore: http://forums.spybot.info/showthread.php?t=8892
Top | #25 |
F@H - Is it in you?
Joined: April 2002
Location: Between Austin and Tampa
Posts: 14,888
Reputation: 4110
Power: 313 |
Matt, quick nooby question, there is nothing remaining in your msconfig/startup or services that you think may be causing issues?
I am with the rest of the lads in that it is likely something that is deeper in.
Top | #26 |
OSNN Junior Addict
Joined: April 2004
Posts: 4
Reputation: 0
Power: 0 |
Matt,
Try Windows Live OneCare. I believe it is to do with Background intelligence transfers files and Windows Firewall.
Top | #27 |
Paul Reed Smith
Joined: January 2004
Location: Happy Valley
Posts: 4,869
Reputation: 2369
Power: 173 |
If it is Norton 2008, you will more than likely have to do a reformat. That leaves so much junk behind that the removal tool won't even get it all. Even if you do uninstall it the way they say to on the site.
Top | #28 |
Bow Down to the King
Joined: April 2002
Location: New York
Posts: 13,312
Reputation: 4090
Power: 297 |
The AV/security software on the computer was uninstalled and cleaned up using a removal tool. During my work I did not have AV/security installed and it was not connected to the Internet. I intentionally do this.
bush dogg, no it was not. I also checked for iexplore.exe in other locations and checked the digital signatures to verify.
Saz, nothing else.
In the end I backed up the data and reformatted the computer. I spent too much time on attempting to remove whatever virus it was. Thanks to one and all who helped. Rep coming.
Top | #29 |
OSNN Veteran Addict
Joined: April 2003
Location: In The Void
Posts: 6,373
Blog Entries: 9
Reputation: 1877
Power: 193 |
Top | #30 |
Michaelsoft Systems CEO
Joined: February 2003
Location: Hamilton, Ontario Canada Earth
Posts: 3,125
Blog Entries: 8
Reputation: 2216
Power: 166 |
Ya unfortunately the only option to completely remove a virus for good or to fix a stubborn problem is to format. If this person is a regular maybe make a backup image just in case.
Top | #31 |
www.lunarsoft.net
Joined: July 2007
Posts: 90
Reputation: 80
Power: 60 |
Get all of the tools from my Anti-Malware Toolkit, and get the Standard package.
Dial-a-fix may also be of use, and be sure to use sfc /scannow to help resolve issues.
Top | #32 |
Paul Reed Smith
Joined: January 2004
Location: Happy Valley
Posts: 4,869
Reputation: 2369
Power: 173 |
I am glad you got it fixed, matt. There are times when a reformat is the only thing that will fix it. Thanx for the reps ..
Top | #33 |
F@H - Is it in you?
Joined: April 2002
Location: Between Austin and Tampa
Posts: 14,888
Reputation: 4110
Power: 313 |
Originally Posted by madmatt
Well, you did the only thing that would result in a complete resolution I feel.
Good on ya and tell this person with the infected computer to be more careful. |
Top | #34 |
█▄█ ▀█▄ █
Joined: April 2005
Location: Massachusetts
Posts: 16,949
Reputation: 4941
Power: 305 |
Hmm - I have a thought that I think was somewhat touched on.
Is this machine up to date with security patches? I only ask because I wonder if this machine somehow at one point visited a poisoned DNS server and downloaded something that did permanent damage. I don't believe I have seen too many details of attacks, or attacks at all, but the root of the issue seems to be DNS related - such as redirected search results and blocking certain sites. Kind of a reach, but who knows what could have been possible. Oh well, good stuff here and sometimes it sucks to have to reload everything. I bet it was fun to get all the CDs, enter serial numbers and activate! |
Top | #35 |
OSNN One Post Wonder
Joined: September 2008
Posts: 1
Reputation: 0
Power: 0 |
Had the same problem, turned out I had DNSChanger (AND Vundo, but DNSChanger seems to have been the problem). Symantec didn't detect it, Spyware Doctor reported clean. The thing that did it for me was Malwarebytes' Anti-Malware (thanks Tarun for the tip above).
Top | #36 |
X2 & Lovin' It
Joined: July 2004
Location: California, US
Posts: 313
Reputation: 110
Power: 100 |
I have had the same issue on one computer that I was given to fix, and everything I tried (cleaners, LSPfix.exe, winsockfix.exe, numerous other cleaners) did not fix the problem. It was a nasty nasty ordeal that I just gave up on and decided on a full install of XP. Moving the contents of MyDocuments was a risky thing also because some of the viruses emanated from there and countless others inside the Windows dir.
I really hate to say this madmatt, but the only option I see available to you besides all the other work you have put into this bad boy is to reinstall XP. It will save you more time than you have already wasted my friend...