I have a Toshiba Satellite 2400 with XP PRo SP2 installed. I have tried everything to remove some problems. I have run Spybot and keep getting 3 entries that I can't remove -DyFuCa.InternetOptimizer and Just DyFuCa and PowerScan. Sypbot tells me it can't remove them unless I restart. I restart and Sybot runs again and keeps telling me the same thing. I also tried to run Adaware with no luck as well. The symtoms are popups that come up as soon as the computer boots. The popups are Partypoker and Searchmiracle as well as some others. Any help would be great!

Hi ... I know its a bit of work but it might help , Also have you look in your add and remove programs area to whether those programs are listed ?? First thing you should do is download hijackthis and have someone to view your log , here where you can get hijackthis from http://www.spychecker.com/download/download_hijackthis.html Here where if you like you can post your hijackthis log for assistance http://spywarewarrior.com/index.php http://forums.net-integration.net/ http://computercops.biz/forums.html Now if you have an Anti-Virus Program which is fairly new ( mostly under a year )and you are sure that you are still recieving update definitions ? Then update yours now .... Then afterward download a few programs , Like these here below first one is Ad aware ( free Version ) http://www.lavasoft.de/support/download/ Start up this program , What you need to get is the most latest update for it ,run JUST the "updated" option and afterward close the program for later use ... Next program >> Spybot Search and Destroy ( Free ) http://www.safer-networking.net/en/download/index.html Next Program >> SpywareBlaster ( Free ) http://www.javacoolsoftware.com/sbdownload.html Next Mcafee Stinger http://vil.nai.com/vil/stinger/ Okay now perform this operation from this website below http://support.microsoft.com/?kbid=310405 Okay this is next to perform below : Click Start. >>Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. DON'T WORRY ABOUT THE WARNING POP UP WINDOW THIS IS NORMAL , just click yes Now its time to start your computer in Safe Mode How to start up in safe mode , there is 2 ways in doing so , just choice one method only ... Look at this website below http://www.bleepingcomputer.com/forums/index.php?showtutorial=61#winxo Okay once in safe mode do the following : Clear out the Temporary internet files and other temp files. Go to Start > Settings > Control Panel >Internet Options. Under the General tab click the Delete temporary internet files, delete all Offline content as well. Clear out Cookies ... Now close eveything and be back at your desktop Now click the start buttom > then the Search/Find option > click Files or folders > in the named box, type: *.tmp , click search and choose Edit > select all -> File > delete. Empty/delete the entire contents of the C:\Windows\temp folder and C:\temp folder, (Contents only but not the folder itself.) This one too if it is there C:\Documents and Settings\username\Local Settings\Temp\ Delete the recycling bin ... Now start up Mcafee Stinger and afterward Ad Aware and just basically perform the options its set at for now ... And remove whatever it finds ... Start spybor search and destory and do the same with this program Also with the spyware blaster , just clean what it finds .... Now use your Anti - Virus Program and run it and see what it finds ...If your anti-virus finds anything try the repair option first, if that can't be done then delete the file... Now restart your computer back to normal mode and reset the setting back too...Once your computer is up and running do the following : http://support.microsoft.com/?kbid=310405 and this next >>> : http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/xpsysrst.mspx Okay after all that was done and you want to be sure its clean go to these anti virus scan sites and do the scan from each site if you like http://www.trendmicro.com/download/dcs.asp http://windowsxp.mvps.org/Scanners.htm http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Yes, I checked add and Remove programs and is very clean, nothing there that I don't know about. Here is my hijackthis log: Logfile of HijackThis v1.97.7 Scan saved at 4:16:23 AM, on 11/28/2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\PROGRA~1\NORTON~1\navapw32.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\msrpc32.exe C:\Documents and Settings\Kelly Johansen\Application Data\belh.exe C:\WINDOWS\System32\l?ass.exe C:\Program Files\MSN Apps\Updater\01.02.0001.1004\en-us\msnappau.exe E:\Hijack this\HijackThis.exe C:\Program Files\Internet Explorer\iexplore.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com O2 - BHO: (no name) - {1C843D26-986C-26CC-8075-67550FF4793A} - C:\WINDOWS\System32\vwi.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0001.1004\en-xu\stmain.dll O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll O4 - HKLM\..\Run: [Sys29] C:\windows\system32\wingdp32.exe O4 - HKLM\..\Run: [Norton AntiVirus Sys] NAVsys32.exe O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\RunServices: [Norton AntiVirus Sys] NAVsys32.exe O4 - HKLM\..\RunServices: [MS Remote Procedure Call] msrpc32.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [MS Remote Procedure Call] msrpc32.exe O4 - HKCU\..\Run: [Uuse] C:\Documents and Settings\Kelly Johansen\Application Data\belh.exe O4 - HKCU\..\Run: [Ikkedvn] C:\WINDOWS\System32\l?ass.exe O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ? O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research (HKLM) O9 - Extra button: AIM (HKLM) O9 - Extra button: Real.com (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com O15 - Trusted Zone: http://www.hotmail.com O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=d7c4f6ebc1840688509f16461fe1981d17bf73aea341224e1bb3eb866fe7ae4275035b3366c2b05d50a71fc4a191bb3f8f13d69a89:eba680bc1be2e220a7ec58ff8178110e O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab

Ok, I finally finish performing all the steps above. I still get the same problem and spybot indicates the same 3 items that it can't remove. By the way adaware does not find them. Still have the same popups. Any other ideas?

Hi ... I'm sorry but that hijackthis program is outdated , it seem that website still has the older version , my mistake , well their mistake ... But you can get the latest one from this website http://www.tomcoyote.org/hjt/ Also if you view this website it will say where to find help , meaning for your hijackthis log .. I am no expert with the log but i did see a few that were need to be corrected Try this website to post your hijackthis log http://www.spywareinfo.com/forums/ or this one here too http://spywarewarrior.com/index.php Now if neither of these 2 websites can't solve your problem I doubt if anyone can

Thank you for help. After spending most of the weekend on this problem downloading dozens of programs and performing hours of tedious registry edits, I finally gave up and performed a clean reinstall of windows XP. Which I guess I should have just done from the begining. I was determined to find a way to fix this thing. It beat me down. Thanks again for the help.

Your welcome , Might I suggest you use an third party firewall and an spyblocker , it will help to keep your computer cleaner