dlh6213

Hey Danielle, welcome to DaniWeb! :) All hijackthis logs are supposed to be posted in the [B]Virus [/B] forum.

I don't know if there is anyone here familiar with X-RAYPC, you would probably get better support if you got Hijackthis and posted the log in the [B]Virus [/B] forum.

D'oh! Dave beat me to it! Go to Add/Remove Programs in your Control Panel and remove these if they are there: SearchUpgrader Webshots Close all browser windows (IE, Opera, and any others you may have), scan with HJT and have it fix the following entries: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar …

[QUOTE=moderate_rock48]Say where and how would i go about learning all about the computer, im not really talking about programming. Like learning all about the hardware and such, taking a class would be cool but in my little hick town they offer no such classes in high school. where exactly should …

This may help with the cpu usage. CTHELPER.EXE should probably be disabled: Quote from sysinfo: "CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will …

Close all broswer windows, scan with HJT, and have it fix the following entries: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://default.home[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://default.home[/url] R3 - Default URLSearchHook is missing O2 - BHO: DOMP Class - {4C1B116F-2860-46db-8E6C-B4BFC4DFD683} - C:\WINDOWS\ietlbass.dll O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} …

That's how I ended up purchasing xoftspy; since it was advertised here, I thought it was being 'recommended.' I know better now, but I've wondered myself if there isn't a way to screen the advertisers.

I don't recommend updating to SP2 until [B]after [/B] you've got your system clean; see this thread for more info about SP2: [url]http://www.daniweb.com/techtalkforums/thread10031.html[/url] You need to put hijackthis in it's own permanent folder before you fix anything with it. HJT creates backups in case something goes wrong, and if it's …

Did you try fixing that line with HJT? (R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\winxp\system32\blank.htm) If so, were all browser windows closed when you did it? If they weren't, or your not sure, try it again. If it still doesn't work, try booting into Safe Mode and see if it …

There are links to several helpful utilities in this thread: [url]http://www.daniweb.com/techtalkforums/thread5690.html[/url] Post a Hijackthis log (explained in that thread -- make sure you get version 1.99) and we can help you get rid of eZula and whatever else you may have :)

Fix this only if you do not have Java Sun: O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) Hijackthis has a bug that misinterprets some 09 entries.

Follow the suggestions in this thread: [url]http://www.daniweb.com/techtalkforums/thread5690.html[/url] Then post a hijackthis log (explained in that thread).

I don't know what it is either, but if it's a .tmp it shouldn't be important. Did you try deleting it in Safe Mode?

Go here [url]http://www.billsway.com/vbspage/[/url] and download, unzip and run the Registry Search Tool. Type crazywinnings in the dialog box. Let it run and after a few minutes, a prompt will appear. Click OK to write the results to Notepad and post them here.

What version of Xoftspy do you have? If it's prior to 4.0 you shouldn't use it. Personally I don't know if I would even trust the 4.0 version, but you can read the review for yourself here: [url]http://www.spywarewarrior.com/rogue_anti-spyware.htm#xos_note[/url] Spybot is the best alternative, and it's free. If you empty your …

I don't know how to check the boot sector, but I have a couple of other suggestions. Have you tried running ScanDisk? Did you install your motherboard drivers after you formatted?

Try the advice in post #2 of this thread: [url]http://www.daniweb.com/techtalkforums/post67267.html#post67267[/url]

[QUOTE=zippygirl]My problem starts one (?) step before the "page cannot be displayed". In an effort to clean up some disk space, I think I may have gone too far! Now I always get the message "Cannot find server". A few months ago I invested in DSL through my local internet …

For every user account listed under C:\Documents and Settings, delete the entire contents of these folders: Local Settings\Temp Cookies History Local Settings\Temporary Internet Files\Content.IE5 Delete the entire contents of your C:\Windows\Temp folder Delete the entire contents of your C:\temp folder (this should fix your salm.exe problem) Do a search for …

Winterac, you need to do a couple of things before fixing anything with HJT. First you need to get the latest version (1.98.2), and then you need to put it in a permanent folder, like c:\hjt\hijackthis.exe, so it can safely save backups (you have it in a temp folder now). …

You should probably boot into Safe Mode for this. Scan with HJT and have it fix the following entries: R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://red.clientapps.yahoo.com/cus...//www.yahoo.com[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://red.clientapps.yahoo.com/cus.../search/ie.html[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://red.clientapps.yahoo.com/cus...//www.yahoo.com[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://red.clientapps.yahoo.com/cus...//www.yahoo.com[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant …

As long as you use P2P programs you will continue to have problems (Networking2.exe, Piolet.exe, BearShare.exe all put spyware on your computer) Download LSPfix from here: [url]http://computercops.biz/zx/phoenix22/LSPFix.zip[/url] On the opening screen, click the "I know what I'm doing" checkbox. Check all instances of "calsp.dll" (and nothing else), and move them …

I don't know where you looked in ebay, but they have lots: [url]http://search.ebay.com/windows-3-1_W0QQbsZSearchQQcatrefZC6QQfromZR10QQsacategoryZQ2d1QQsatitleZwindowsQ203Q2e1QQsbrftogZ1QQsofocusZbsQQsonewuserZ1QQsosortpropertyZ1QQsotextsearchedZ1[/url] But caperjack's deal sounds better :)

It appears to have been moved already. Follow crunchie's advice in post #3.

You can have HJT fix these: O2 - BHO: (no name) - {07084BEE-CB52-45C9-5BA5-931B7E910F1E} - (no file) O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file) Are you having a particular problem?

[QUOTE=lone73]And spyware at the same time. I managed to restore my system to the previous day. I'm using XP home edition. It seems to have fixed the problem. My question is can I depend on this as a permanent fix for this one occurrence or could this thing still attack …

The easiest way to get to your ActiveX settings is to Open Internet Explorer, click on the Tools tab, click on Internet Options, click on the Security tab, and then click on the Custom Level button. You will see several options for different settings. This is how I have my …

Put HJT in it's own folder before fixing anything with it or you may end up with backups scattered all over your desktop (like C:\Documents and Settings\Brent Williams.NA-OJSYSNA69ESY\Desktop\[B]HJT[/B]\HijackThis.exe instead of C:\Documents and Settings\Brent Williams.NA-OJSYSNA69ESY\Desktop\HijackThis.exe)

It's possible I could have overlooked something, but I don't see anything in your log that would indicate a problem (with the possible exception of the Start page that was removed by a moderator). You didn't give a specific problem other then the computer running slowly lately so maybe some …

It sounds like you probably have a virus of some sort. You should go to this site: [url]http://www.spywareinfo.com/~merijn/downloads.html[/url], go down to Hijackthis, and download it from one of the links given. After you download it, unzip it into it's own folder, like c:\hjt\hijackthis.exe. Then close all browser windows, scan with …

There is a link to a Hijackthis turorial in this thread: [url]http://www.daniweb.com/techtalkforums/thread5690.html[/url] You can also do a search and find more.

Help protect your system, download, install, and update SpywareBlaster from here: [url]http://www.javacoolsoftware.com/spywareblaster.html[/url] Have it enable all protection. Get an antivirus program installed ASAP. Make sure your firewall is enabled (instructions here): [url]http://www.javacoolsoftware.com/spywareblaster.html[/url]

The latest version is 1.98.2 and you can get it here: [url]http://www.softpedia.com/progDownload/x-Download-5034.html[/url] You can do this now or after you update HJT: Close all browser windows, scan with HJT, and have it fix the following entries: C:\WINDOWS\msru.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\rasjl.dll/sp.html#37049 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = …

I would suggest using Hijackthis on one of the offending computers and post the log in the [B]Viruses [/B] forum. With that information we should be able to help you fix the problem and you can then go about cleaning up the others the same way. You can get the …

[QUOTE=JPM]Is Ad-Aware SE different than Ad-Aware 6.0. I have 6.0, but I do not see all of the options to select that you indicate. I changed some of the options as you indicated and ran the scan again. I usually run both Ad-Aware and Spybot S&D weekly, but I still …

I only see one thing; close all browser windows, scan with HJT, and have it fix the following entry: R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://red.clientapps.yahoo.com/cus...://my.yahoo.com[/url]

You have a CWS infection, please download and run CWShredder from here: [url]http://www.spywareinfo.com/downloads/tools/CWShredder.exe[/url] Then close all browser windows, scan with HJT, and post a new log.

... And Hijackthis needs to be in it's own permanent folder so it can safely save backups in case something goes wrong (like c:\hjt\hijackthis.exe or C:\WINDOWS\DESKTOP\HJT\HIJACKTHIS.EXE). Right now you have it in a Temp folder.

The log looks okay to me too, but you're using an older version. You should get v.1.98.2 and post another log. When you scan with HJT, make sure all browswer windows are closed. Also, it would be better if you posted the log rather then an attachment. One more thing, …

Yes, post your hijackthis log in this thread so we can see exactly what you have.

What you need to do: Get the latest version of Hijackthis (v.1.98.2) Put it in it's own folder so it can put the backups in a safe place. Like C:\Documents and Settings\Peter\Desktop\[B]HJT[/B]\HijackThis.exe (instead of C:\Documents and Settings\Peter\Desktop\HijackThis.exe) Close all browser windows before scanning with HJT. Post the new log from …

Hey Geezer, you are seriously behind on your Critical Updates (Windows Update). Getting those patches may help fix your problem. I don't think you should get SP2 though until [B]after[/B] you've got the problem fixed.

Only fix these if you do not have Java Sun: O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) Hijackthis has a bug that misinterprets some 09 entries. Check this thread, post #6, …

Jefferyrobert, the Security section is now called "[B]Viruses, Spyware, and other Nasties[/B]" so post your log there.

[QUOTE=Julian]I still have Windows Adcontrol, I see no reason why I should delete it.[/QUOTE] Go to this website and check the "Status Key": [url]http://computercops.biz/startuplist-6126.html[/url]

[QUOTE=billy61788]i think my computer may have caught some sort of virus. Everytime i have internet explorer open, the continue to get a pop-up from a search site. i'll close it and then get it again, no matter what site im at. i've used my virus check, spyware and adware checks …

I had this problem as well shortly after they enlarged my account. It went away on it's own after several days.

I only see a couple more things to fix in your log: O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - [url]http://public.windupdates.com/get_f...8288ee59daa1811[/url] O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - [url]http://download.websearch.com/Dnl/T_50186/QDow_AS2.cab[/url]

This isn't really a problem, but you can have HJT fix this: R3 - Default URLSearchHook is missing Other then that, your log looks okay to me. Anyone else see anything I missed?

You should first follow the suggestions in this thread: [url]http://www.daniweb.com/techtalkforums/thread5690.html[/url] Then post a hijackthis log (link in that thread) in the [B]Viruses [/B] forum.