dlh6213 27 Posting Maven Team Colleague

Do not get SP2 until after you have removed all malware.

Have any of the programs that detect it give you the location?

Download and install CleanUp! -- http://www.stevengould.org/downloads/cleanup/CleanUp40.exe -- but don't run it yet.

Reboot into Safe Mode.

Open CleanUp!, and click the Options button, move the Quick Setup slider to Thorough CleanUp!; click Yes to the warning message and exit from Options. Click CleanUp! to start cleaning. When it's finished, click Close, and select No (to prevent the restart).

Reboot normally and let us know the status.

dlh6213 27 Posting Maven Team Colleague

Open Firefox and go to Tools, Options, and then click on Privacy (padlock icon on the left); click on the Clear All button.

Download, install, update, and run CCleaner
http://www.filehippo.com/download/Qi6RR0U86febzhqUrQQIBQ2/download.html

Scan with HJT and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

Remember to close any open windows before hitting Fix checked.

I think that'll do it unless crunchie sees something I missed.

dlh6213 27 Posting Maven Team Colleague

Hi Albie, welcome to DaniWeb :D

I've split your post into its own thread per forum rules (http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules)

Please follow the recommendations and instructions in the three links from my signature below.

In the third one, follow the instructions in posts #1 and then #4.

dlh6213 27 Posting Maven Team Colleague

I'm afraid forum rules don't allow assistance with pirated software (http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules).

All I can suggest is that you obtain a legal copy of an operating system.

If you can't afford Windows, there are several affordable Linux systems available, such as Linspire (http://www.linspire.com/product_page.php).

If you decide to get Windows XP, you can find instructions for installing it here:
http://www.daniweb.com/techtalkforums/thread6632.html

Good luck to you :)

dlh6213 27 Posting Maven Team Colleague

Download, update, and run CCleaner
http://www.filehippo.com/download/Qi6RR0U86febzhqUrQQIBQ2/download.html

In order to view some of the files and folders here, you will need to set your system up accordingly. Open Windows Explorer, go to Tools, and in Folder Options, select Show hidden files and folders, and uncheck Hide protected operating system files.

Open Explorer and click on the Search button.

Type the following in the All or parts of the file name box:

scvho*.*

In the Look in box, select your C: drive.

Click on More advanced options and make sure that the first three boxes are checked.

Perform the search; give us the exact names and locations of any files found in your next reply.

dlh6213 27 Posting Maven Team Colleague

What about the video RAM? That's important for most modern games.

dlh6213 27 Posting Maven Team Colleague

In the future, can you please copy & paste your logs rather than attaching them? Makes them much easier to work with :) Thanks.

Download Ewido Security Suite from here:
http://fileforum.betanews.com/detail/ewido_security_suite/1098736486/1

Install and update it, and then close the program (don't scan yet).

Reboot into Safe Mode.

Run a full system scan with Ewido, allowing it to fix whatever it finds (note: you will be posting the log from this scan in your next reply).

Reboot normally, close any open browser windows, scan with HijackThis, and post a new log along with the Ewido log.

dlh6213 27 Posting Maven Team Colleague

You can get the non-XP Winsockfix from here:
http://www.digitalminds.net/index.pl/downloads

But if Firefox is doing it too, the problem most likely isn't the browser. Try posting a HijackThis log.

dlh6213 27 Posting Maven Team Colleague

If you have Windows XP, download WinsockXPFix from here: WinsockXPFix

Run it, and click the Fix button; choose YES when asked if you want to proceed.

If it still doesn't work, try IEFix -- http://windowsxp.mvps.org/IEFIX.htm

If it still isn't working (or even if it is), get the latest, self-extracting, version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Close any open browser windows, 'Scan and Save Log' with HijackThis, and then copy and paste the log here.

Another thing you can try is getting another browser (such as Firefox or Opera) to see if the problem is with IE or something else.

dlh6213 27 Posting Maven Team Colleague

See if this helps...

Go to C:\Windows\Prefetch; open the Prefetch folder, click on Edit, Select All, and then hit the Delete key.

Download, update, and run CCleaner
http://www.filehippo.com/download/Qi6RR0U86febzhqUrQQIBQ2/download.html

Open Firefox and go to Tools, Options, and then click on Privacy (padlock icon on the left); click on the Clear All button.

Follow the instructions in post #2 of this thread -- http://www.daniweb.com/techtalkforums/thread28196.html

See if there is any improvement, and post a new HijackThis log with your next reply.

dlh6213 27 Posting Maven Team Colleague

I've split your post into its own thread per forum rules (http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules)

Please follow the recommendations and instructions in the three links from my signature below. After you get the recommended updates and move HijackThis, please post a new log.

dlh6213 27 Posting Maven Team Colleague

Hi Erin, welcome to DaniWeb :D

Please follow the recommendations and instructions in the three links below.

When you get to the third one, after completing the basic HijackThis stuff (in the first post), go to post #4 and follow the instructions there.

If you have questions about anything, feel free to ask. When you're done, post a new HijackThis log so we can clean up anything that's left.

dlh6213 27 Posting Maven Team Colleague

Hi Zion1, welcome to DaniWeb :D

Download Ewido Security Suite from here:
http://fileforum.betanews.com/detail/ewido_security_suite/1098736486/1

Install and update it, and then close the program (don't scan yet).

Reboot into Safe Mode.

Run a full system scan with Ewido, allowing it to fix whatever it finds (note: you will be posting the log from this scan with your next reply).

Still in Safe Mode, double-click on the Hijackthis.exe icon that is on your desktop; scan with HijackThis and have it fix the following entries:

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
If the following IP addresses are not related to your ISP, have HJT fix this O17 entry as well --
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7B5B65A-DC8E-4BFB-9D6B-EC4B1E856DD2}: NameServer = 203.109.252.42 203.109.252.43
O23 - Service: ssdfghjkl - Unknown owner - C:\WINDOWS\netddf.exe

Close any open windows, other than HijackThis, and click on Fix checked.

Go to C:\WINDOWS and delete netddf.exe

Empty your Recycle Bin and reboot normally.

Close any open browser windows, scan with Hijackthis, and post the new log along with the Ewido log.

dlh6213 27 Posting Maven Team Colleague

Well done! Looks good to me now :)

Check out the links below for protecting and cleaning your PC to help keep it that way :)

dlh6213 27 Posting Maven Team Colleague

You're still using an outdated version of HijackThis, and it's still in a Temp folder.

Get the latest, self-extracting, version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

This should put HijackThis in your Program Files folder.

See the last link in my signature block below for more info on HijackThis.

dlh6213 27 Posting Maven Team Colleague

Glad we could help :)

And thank you for your service to your country!

dlh6213 27 Posting Maven Team Colleague

Scan with HijackThis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/
O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - (no file)
O3 - Toolbar: (no name) - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Close any open windows, other than HijackThis, and hit Fix Checked.

Go to C:\WINDOWS\web and delete related.htm

Empty your Recycle Bin and reboot.

Download WinsockXPFix from here: WinsockXPFix

Run it, and click the Fix button; choose YES when asked if you want to proceed.

If it still doesn't work, try IEFix -- http://windowsxp.mvps.org/IEFIX.htm

Scan with HijackThis and post a new log please. And let us know if IE is working properly.

dlh6213 27 Posting Maven Team Colleague

I'm afraid I can't help with the defense, just some advice.

1.) If you don't log in to the computer, how do you know no one else has access to it? You should set up so you do have to log in.

2.) Stay away from wunderground.com; is checking the weather really worth risking your job?

dlh6213 27 Posting Maven Team Colleague

Go to Add/Remove Programs and remove:

Search Extender
Shopping Wizard
Home Search Assistant

Download, install, update, and run these utilities (if you already have any of these, just update them before running):

CWShredder -- http://www.intermute.com/spysubtract/cwshredder_download.html
about:Buster -- http://www.majorgeeks.com/download4289.html
HSRemove -- http://www.majorgeeks.com/download4286.html
CCleaner -- http://www.filehippo.com/download/Qi6RR0U86febzhqUrQQIBQ2/download.html

Download Ewido Security Suite from here:
http://fileforum.betanews.com/detail/ewido_security_suite/1098736486/1

Install and update it, and then close the program (don't scan yet).

Disconnect from the net and reboot into Safe Mode.

Then run a full system scan with Ewido, allowing it to fix whatever it finds (note: you will be posting the log from this scan when back in normal mode).

Still in Safe Mode, double-click on the Hijackthis.exe icon that is on your desktop; scan with HijackThis and have it fix the following entries:

R3 - Default URLSearchHook is missing
O2 - BHO: Class - {21BB89CF-BE0E-AEC1-B7D9-DBB05AD005C8} - C:\WINDOWS\SYSTEM\IPMN.DLL

Close any open windows, other than HijackThis, and hit Fix Checked.

Go to C:\WINDOWS\SYSTEM and delete IPMN.DLL

Go to Start, Run, type regedit in the box, and hit Enter.

At the top of the Registry Editor window, click on File, and then Export. In the Export range panel (at the bottom), click All, give the file a name, and then Save your registry as a backup to a location where you will be able to locate it easily if necessary.

Then click on …

dlh6213 27 Posting Maven Team Colleague

It's possible I could be overlooking something, but I don't see anything in your log that would cause this problem.

How much RAM and VRAM do you have on this system?

It might help to run CCleaner -- http://www.filehippo.com/download/Qi6RR0U86febzhqUrQQIBQ2/download.html

And then defrag your hard drive(s).

dlh6213 27 Posting Maven Team Colleague

Make sure that computer meets all the system requirements for XP:
http://www.microsoft.com/windowsxp/pro/upgrading/sysreqs.mspx

That's a pretty expensive CD to be writing on like that!

dlh6213 27 Posting Maven Team Colleague

I spoke too soon :mad: the same popups are back. As soon as I finished my post I went to my favourite parenting site and bam, first popup, and now they have been popping up regularly. I have done an Ad-Aware SE scan which only had some cookies, which I deleted. I ran a HijackThis log and it's the same three I deleted last night: 06 HKCU\software\policies\microsoft\internet explorer\restrictions present and the same first bit with control panel present and 08 extra content & search bar my websearch.com/menusear.....?p=ZNxmk0460US.

Please help, I am going mad here. I have done scan after scan and nothing is showing; it runs good and then when I shut it down and start it up the next day it's all back again .........plus I have lost my sound ............I might take to it with an axe soon.

Tracy..........who isn't gonna let these pesky popup thingies get the best of her :cheesy:

Hi Tracy,

To help prevent this, check out the links for Protecting and Cleaning below.

dlh6213 27 Posting Maven Team Colleague

If you have XP, try an in-place upgrade (aka repair installation); instructions can be found here:

http://support.microsoft.com/default.aspx?scid=kb;en-us;315341&Product=winxp

dlh6213 27 Posting Maven Team Colleague

Go to Add/Remove Programs in your Control Panel and remove the following, if present:

Viewpoint (or Viewpoint Manager, ViewMgr, or something similar)
WildTangent

Download Ewido Security Suite from here:
http://fileforum.betanews.com/detail/ewido_security_suite/1098736486/1

Install and update it, and then close the program (don't scan yet).

Reboot into Safe Mode.

Do a full system scan with Ewido (note: you will be posting the log from this scan in your next reply).

Still in Safe Mode, scan with HijackThis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us6.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us6.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Close any open windows, other than HijackThis, and hit Fix Checked.

Go to the following locations and delete the highlighted file and folders:

C:\WINDOWS\web\related.htm

C:\Program Files\WildTangent
C:\Program …

dlh6213 27 Posting Maven Team Colleague

Just remember to clean out your Cookies and Temporary Internet Files often :)

Check out the Protection & Cleaning links below for more helpful advice.

dlh6213 27 Posting Maven Team Colleague

Download, install, update, and run CCleaner -- http://www.filehippo.com/download/Qi6RR0U86febzhqUrQQIBQ2/download.html

Open Firefox, go to Tools, Options, and then click on Privacy (padlock icon on the left); click on the Clear All button.

Go to Add/Remove Programs in your Control Panel and remove the following, if present.

180Solutions
BullsEye Network (or BullsEye)
Ezula
PartyPoker
Web Offer

Disconnect from the net and reboot into Safe Mode; this time try logging in under Tina.

Double-click on the Nailfix.cmd that is on your desktop (hopefully). Your desktop and icons will disappear and reappear, and a window should open and close very quickly -- this is normal.

Then run a full system scan with Ewido, allowing it to fix whatever it finds (yes, again; please post the new log with your next reply).

Still in Safe Mode, scan with HijackThis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} …

dlh6213 27 Posting Maven Team Colleague

Try reinstalling MSN Messenger.

dlh6213 27 Posting Maven Team Colleague

Your log shows you have HijackThis in two locations (C:\Documents and Settings\RAA\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe and C:\hijackthis\HijackThis.exe); you should remove the one in the Temp folder so you don't accidentally use it.

Scan with HijackThis and have it fix the following entries:

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/M.../bridge-c10.cab

Close any open windows, other than HijackThis, before hitting Fix checked.

Go to C:\WINDOWS\web and delete related.htm

Empty your Recycle Bin and reboot.

Close any open browser windows, scan with HJT, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

You can read what's said here about Matcli.exe, it's spyware, but without it some of your support may not be available (but you can always come here for help :) ) -- http://www.hardavenue.com/startup/matcli.exe.php

Scan with HJT and have it fix the following entry:

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

Other than that, your log looks okay to me; are you still having problems?

dlh6213 27 Posting Maven Team Colleague

Hi Phoenixm, welcome to DaniWeb :D

I've split your post into its own thread per forum rules (http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules)

Please follow the recommendations and instructions in the three links from my signature below. After you've done the Aurora fix, please post a new HJT log.

dlh6213 27 Posting Maven Team Colleague

Hi Raksta, welcome to DaniWeb :D

I've split your post into its own thread per forum rules (http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules)

Please follow the recommendations and instructions in the three links in my signature below. After you've done the Aurora fix, please post a new HJT log.

dlh6213 27 Posting Maven Team Colleague

If you had SP2, your HijackThis log would show these entries:
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

If you have SP1, your log will show:
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Your log currently shows:
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Which indicates NO Service Packs have been installed.
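
The service-pack check from this post, together with two other checks that recur in these replies (entries whose target file is gone, and HijackThis being run from a Temp folder), as an added Python example that is not part of the original posts. The sample log is constructed: its header format follows the lines quoted above, while the function names, GUIDs, URL and paths in it are placeholders.

```python
import re

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # e.g. "O2 - BHO: ..."
SP_RE = re.compile(r"\bSP(\d+)")

# Constructed sample log (placeholder GUIDs, URL and paths; not from a real machine).
SAMPLE_LOG = r"""Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\user\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.example.invalid/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
O9 - Extra button: (no name) - {00000000-0000-0000-0000-000000000002} - %windir%\example.exe (file missing)
"""


def _sp_level(value):
    """Return the service pack number named before the '(build)' part, 0 if none."""
    name = value.split("(", 1)[0]
    match = SP_RE.search(name)
    return int(match.group(1)) if match else 0


def header_info(log):
    """Read the Platform: and MSIE: header lines; None means the line was absent."""
    info = {"os_sp": None, "ie_sp": None}
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("Platform:"):
            info["os_sp"] = _sp_level(line[len("Platform:"):])
        elif line.startswith("MSIE:"):
            info["ie_sp"] = _sp_level(line[len("MSIE:"):])
    return info


def parse_entries(log):
    """Return (section code, body) for every 'R1 - ...' / 'O2 - ...' style line."""
    entries = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def orphaned_entries(entries):
    """Entries HijackThis marked as pointing at a file that no longer exists."""
    markers = ("(no file)", "(file missing)")
    return [(code, body) for code, body in entries
            if body.rstrip().endswith(markers)]


def hijackthis_in_temp(log):
    """True if the log lists HijackThis.exe under a Temp folder."""
    for line in log.splitlines():
        low = line.lower()
        if "hijackthis.exe" in low and "\\temp\\" in low:
            return True
    return False


def review(log):
    """Collect the findings a helper would raise before reading the entries."""
    findings = []
    info = header_info(log)
    if info["os_sp"] == 0:
        findings.append("Windows: no service pack shown in Platform line")
    if info["ie_sp"] == 0:
        findings.append("Internet Explorer: no service pack shown in MSIE line")
    if hijackthis_in_temp(log):
        findings.append("HijackThis is running from a Temp folder; move it")
    for code, body in orphaned_entries(parse_entries(log)):
        findings.append(f"{code}: leftover entry, target file is gone: {body}")
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```
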

dlh6213 27 Posting Maven Team Colleague

Please begin by following the recommendations in the 'pinned' topics at the top of this forum (Protecting, Cleaning, & Specific Infections).

Go to Windows Update and get SP1a for both XP and IE (don't get SP2, not at this time anyway).

Post a new HijackThis log after completing the above.

dlh6213 27 Posting Maven Team Colleague

Please right-click on an empty area of your desktop and select New, Folder; give the new folder a name (something like HJT or HijackThis), and then drag the hijackthis.exe icon that is on your desktop into the new folder.

Download, install, update, and run CWShredder -- http://www.intermute.com/spysubtract/cwshredder_download.html

Download Ewido Security Suite from here:
http://fileforum.betanews.com/detail/ewido_security_suite/1098736486/1

Install and update it, and then close the program (don't scan yet).

Reboot into Safe Mode.

Do a full system scan with Ewido, allowing it to fix whatever it finds. (Note -- you will be posting the log from this scan in your next reply).

Scan with HijackThis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\mscuia32.dll

Go to C:\WINDOWS\system32 and delete mscuia32.dll

Empty your Recycle Bin and reboot normally.

Go to this file -- C:\WINDOWS\system32\?asks\logonui.exe -- right-click on it, go to Properties, and give us whatever info you can on it (Company, version, etc.).

Do the same for this one -- C:\Program Files\etea\rpen.exe

Also, what else is in these two folders:
C:\Program Files\etea\rpen.exe
C:\WINDOWS\system32\?asks\logonui.exe

Close any open windows, scan with HJT, and post a new log along with the Ewido log.

dlh6213 27 Posting Maven Team Colleague

Do a search for ADWAREALERT at this site to find out about its reputation:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
(A good place to check before getting any spyware products)

Don't feel too bad about being goaded into purchasing the program, I did the same thing a year ago with a similar product before I found out (from this forum) about its poor reputation; so I know how you feel having wasted your money.

Removing this file -- C:\Program Files\Optimum Online\Netsurf.exe -- won't prevent you from using Optonoline, it will only stop the adware & spyware that comes with it :).
http://castlecops.com/s2624-Netsurf_exe.html
http://www.liutilities.com/products/wintaskspro/processlibrary/netsurf/

dlh6213 27 Posting Maven Team Colleague

Agreed, but what's the appropriate amount before you start to sell items? 20? 50? 100?

There's not really an appropriate amount, it's just that the more you have the better you look to potential buyers; provided your feedback rating stays close to 100 :)

20 would probably be enough; I don't think you would need to wait for 50.

dlh6213 27 Posting Maven Team Colleague

When you booted into Safe Mode, did you log in as Administrator or Tina?

That error just means that nail has been successfully cleaned up (a good thing), but something else is still trying to find it; we just need to get the rest cleaned up. Were you able to eventually run nailfix?

Please post a new HijackThis log, and the Ewido log, so we can see where you are now.

dlh6213 27 Posting Maven Team Colleague

Please begin by following the recommendations in the 'pinned' topics at the top of this forum (Protecting, Cleaning, & Specific Infections).

After you've finished, and moved HijackThis, please post a new log.

dlh6213 27 Posting Maven Team Colleague

Hi Freaky_dug, welcome to DaniWeb :)

Please get the latest, self-extracting, version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then close any open browser windows, 'Scan and Save Log' with HijackThis, and then copy and paste the log here.

dlh6213 27 Posting Maven Team Colleague

Hi Jsankiewicz, welcome to DaniWeb :D

Please go to Windows Update and get SP1a for both XP and IE (don't get SP2 at this time).

Then get the latest, self-extracting, version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Close any open browser windows, 'Scan and Save Log' with HijackThis, and then copy and paste the log here.

dlh6213 27 Posting Maven Team Colleague

Try using System Restore to return your system to a date prior to the updates and see if that fixes the problem.

dlh6213 27 Posting Maven Team Colleague

Instructions for fixing the Program.exe error (from MS -- http://support.microsoft.com/?kbid=191219; normally I would just post the link, but since you still can't access the internet, I've copied the instructions):

"Edit the File Association
Edit the "URL:hypertext transfer protocol" file association to associate this type of file with Internet Explorer:

1. Double-click My Computer on the desktop.
2. On the View (or Tools) menu, click Folder Options (or Options).
3. Click the File Types tab, click URL:HyperText Transfer Protocol in the Registered File Types box, and then click Edit.
4. In the Actions box, click Open, and then click Edit.
5. Click Browse, navigate to the \Program Files\Internet Explorer folder, click the Iexplore.exe file, click Open, click OK, click Close, and then click Close.
NOTE: You may also need to repeat these steps for the following file associations:
URL:HyperText Transfer Protocol with Privacy
URL:File Transfer Protocol
URL:Gopher Protocol

Set Internet Explorer to Be the Default Browser
Set Internet Explorer to check whether it is the default browser:
1. Click Start, point to Settings, click Control Panel, and then double-click Internet.
2. Click the Programs tab, and then click to select the Internet Explorer should check whether it is the default browser check box.
3. Click Apply, and then click OK. Start Internet Explorer, and then click OK when you are prompted to make Internet Explorer the default browser.

NOTE: …

dlh6213 27 Posting Maven Team Colleague

Please don't restart your computer until instructed to do so (leave it on -- Standby is okay).

Go to Add/Remove Programs in your Control Panel and remove AVEO or ATTUNE, if present.

Scan with HijackThis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F1 - win.ini: load=C:\S-MONEY\CASM2ALR.EXE
F1 - win.ini: run=hpfsched
O2 - BHO: Class - {2C0D521E-03FF-663F-35E8-69905A28B2CF} - C:\WINDOWS\SYSTEM\IPOY32.DLL
O2 - BHO: Class - {ABCBB0F9-7C5F-B2A8-A985-DBEE7DA8035D} - C:\WINDOWS\MFCDL32.DLL
O2 - BHO: Class - {EFC4F699-F19A-6D2A-3A0D-DA6A6848205C} - C:\WINDOWS\NTJY.DLL
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\AVEO\ATTUNE\bin\Attune_ce.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\RunServices: [NTES.EXE] C:\WINDOWS\NTES.EXE /s
O4 - HKLM\..\RunServices: [ATLUO.EXE] C:\WINDOWS\SYSTEM\ATLUO.EXE /s
O4 - HKLM\..\RunServices: [SYSMP.EXE] C:\WINDOWS\SYSTEM\SYSMP.EXE /s
O4 - HKLM\..\RunServices: [SYSPJ32.EXE] C:\WINDOWS\SYSTEM\SYSPJ32.EXE /s
O4 - HKLM\..\RunServices: [SDKGX.EXE] C:\WINDOWS\SDKGX.EXE /s
O4 - HKLM\..\RunServices: [SYSAL32.EXE] C:\WINDOWS\SYSAL32.EXE /s
O4 - HKLM\..\RunServices: [WINQJ.EXE] C:\WINDOWS\SYSTEM\WINQJ.EXE /s
O4 - HKLM\..\RunServices: [IPAN.EXE] C:\WINDOWS\SYSTEM\IPAN.EXE /s
O4 - HKLM\..\RunServices: [APPKX.EXE] C:\WINDOWS\SYSTEM\APPKX.EXE /s
O4 - HKLM\..\RunServices: [WINJB.EXE] C:\WINDOWS\SYSTEM\WINJB.EXE /s
O4 - HKLM\..\RunServices: [MFCIM.EXE] C:\WINDOWS\MFCIM.EXE /s
O4 …

dlh6213 27 Posting Maven Team Colleague

Mr. Wizard! Mr. Wizard, where are you???

Hmm, doesn't seem to be any wizard around here at the moment...

Let's see if I can help. Try this:

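Open NotePad (or WordPad), copy the contents of the 'Code' below, and paste it into NotePad:

rem Change to the Windows System32 folder, wherever Remove.bat is started from
cd /d "%SystemRoot%\System32"
rem Clear the system, read-only and hidden attributes so the file can be deleted
attrib -s -r -h axdio3dl.dll
del axdio3dl.dll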

Go to File, Save As and type the filename as Remove.bat, save it to your Desktop, and then close NotePad.

Reboot into Safe Mode.

Scan with Hijackthis and have it fix the following entry:

020 - Winlogin Notify: H323TSP - C:\WINDOWS\system32\axdio3dl.dll

Close any open windows and hit Fix checked.

Double-click on the file Remove.bat, and a DOS-type window should open and close quickly; this is normal. (If the window does not close by itself, you can close it after a few seconds.)

Go to C:\WINDOWS\SYSTEM32 and delete axdio3dl.dll.

Do a search for axdio3dl.dll and delete any instances found.

Empty your Recycle Bin and reboot normally.

Close any open browser windows, scan with HJT, and post a new log along with your last Ewido log please.

dlh6213 27 Posting Maven Team Colleague

Am I to assume this means your problem has been resolved? :)

dlh6213 27 Posting Maven Team Colleague

Your log looks okay to me now, are you still having problems?

I would suggest you do another scan with Ewido and if it comes up with anything post the new log here.

dlh6213 27 Posting Maven Team Colleague

Please follow the instructions found here:
http://www.bleepingcomputer.com/forums/How_to_remove_Antivirus_Gold_or_AVGold-t22397.html

Get CounterSpy from here and allow it to do a full system scan:
http://www.download.com/CounterSpy/3000-8022_4-10375153.html?tag=lst-0-1

Go to Windows Update and get the Critical Updates for your system.

dlh6213 27 Posting Maven Team Colleague

Hi Tina, welcome to DaniWeb :D

Please follow the suggestions in these threads (in sequence):

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

http://www.daniweb.com/techtalkforums/thread28196.html

When you scan with HijackThis, have it fix the following (in addition to what was in the previous thread):

All of the R1 and R0 entries except:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/

And all of the O1 entries.

Then go to post #5 (of the Specific Fix thread) and follow those instructions.

Post a new HijackThis log when the suggested steps have been completed, along with the Ewido log (from the instructions in post #5).

dlh6213 27 Posting Maven Team Colleague

Hi jillcwood, welcome to DaniWeb :D

Please follow the suggestions in these threads (in sequence):

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

http://www.daniweb.com/techtalkforums/thread28196.html

After you've completed the steps in post #1 of the Specific Fix thread, go to post #5 (first), and then post #2.

Post a new HijackThis log when the suggested steps have been completed, along with the Ewido log (from the instructions in post #5).

dlh6213 27 Posting Maven Team Colleague

Please follow the suggestions in these threads (in sequence):

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

http://www.daniweb.com/techtalkforums/thread28196.html

Post a new HijackThis log when the suggested steps have been completed. :)