dlh6213 27 Posting Maven Team Colleague

You're not doing anything wrong. I've been buying and selling on ebay for some time now (though not a lot), and went through what you're now going through. I didn't like giving all that info, and didn't all at once. I started out just buying and using a credit card with a very low limit. When I did eventually start selling, a bank account was required. Since I have more than one bank account, I used one that always has a pretty low balance.

I've never had any problems yet, but I know things can, and do, go wrong.

One thing to be aware of is spoofing, there are some very authentic-looking spoofs for both ebay and PayPal.

dlh6213 27 Posting Maven Team Colleague

Hi Bjoshvm, welcome to DaniWeb :D

Can you describe what the icon looks like?

Follow the recommendations in these threads to help protect, and start the cleanup process, of your system:

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

Download, install, update, and run these utilities:

After you've completed that, get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then, close any open browser windows, 'Scan and Save Log' with HijackThis, and then copy and paste the log here.

dlh6213 27 Posting Maven Team Colleague

Thanks so much!! But I still can't get rid of A0059569.exe.. it doesn't matter, right? What does this virus do? It will appear during the Ad-Aware scan. Only the exe file. Thanks a lot!!

Did you have A0059569.exe scanned at Jotti? What were the results?

dlh6213 27 Posting Maven Team Colleague

Hi RuffRyder357, welcome to DaniWeb :D

Please follow the recommendations in these threads to help protect, and start the cleanup process, of your system:

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

Download, install, update, and run these utilities:

CWShredder -- http://www.intermute.com/spysubtract/cwshredder_download.html
about:Buster -- http://www.majorgeeks.com/download4289.html
HSRemove -- http://www.majorgeeks.com/download4286.html

After you've completed that, get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then, close any open browser windows, 'Scan and Save Log' with HijackThis, and then copy and paste the log here.

dlh6213 27 Posting Maven Team Colleague

Hi vwdriver67, welcome to DaniWeb :D

Please follow the suggestions in the following threads:

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

After that, close any open browser windows, scan with HJT, and post a new log please.

PS -- I deleted your other thread because it appeared to be a duplicate of this one.

dlh6213 27 Posting Maven Team Colleague

Hi jr02004, welcome to DaniWeb :D

Please follow the suggestions in the following threads:

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

After you've done that, close any open browser windows, scan with HJT, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Hi tibsone, welcome to DaniWeb :D

Please follow the suggestions in the following threads:

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

Then, right-click in an open area of your desktop and select New, Folder; give the new folder a name (like HJT or HijackThis), and then drag the hijackthis.exe icon that is on your desktop into the new folder.

Close any open browser windows, scan with HJT, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Glad to hear it :D

Happy computing!

dlh6213 27 Posting Maven Team Colleague

Go to Add/Remove Programs in your Control Panel and remove (if present):

SurfSideKick
WildTangent

Scan with HijackThis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://oca.microsoft.com/resredir.a....2.00010300.2.0
O1 - Hosts: 72.36.164.138 l2authd.lineage2.com
O2 - BHO: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINDOWS\system32\communicator.dll
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\WINDOWS\system32\qlink32.dll
O4 - HKLM\..\Run: [gkq5sr3d] C:\WINDOWS\system32\gkq5sr3d.exe
O4 - HKLM\..\Run: [476X3mX] apc3d32.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/s...90/mcinsctl.cab
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.shopathomeselect.c...mma1004_sp2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...b?1120153821505
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://activation.sympatico.ca/wiz...nadaActiveX.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures05.aim.com/ygp/aol/p...AIM.9.5.1.8.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.photolab.ca/en/Photo/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro …

dlh6213 27 Posting Maven Team Colleague

Thank you so much =) No, I'm not having any more problems! I really appreciate your help! Thanks tons! :mrgreen:

Great! Glad to hear it :)
Happy computing!

dlh6213 27 Posting Maven Team Colleague

You are running HijackThis from a Temp folder, please move it to its own permanent folder so that we can continue the cleanup.
http://www.daniweb.com/techtalkforums/thread24085.html

dlh6213 27 Posting Maven Team Colleague

Your log looks good to me, are you still having any problems? If so, can you give us the details please?

dlh6213 27 Posting Maven Team Colleague

Thanks VERY, VERY much. Things seem clean now.
I haven't had any bad-looking behavior for the last 24 hours - since even before these last couple of fixes - so I THINK things are clean.

Eric

Great! Glad to hear it :)

Let us know if anything else comes up.

dlh6213 27 Posting Maven Team Colleague

Log on to her account, scan with hijackthis, and post the log please.

I would also suggest removing Viewpoint Manager (using Add/Remove Programs), and then go to C:\Program Files and delete the Viewpoint folder.

dlh6213 27 Posting Maven Team Colleague

Hi LiBOC, welcome to DaniWeb :D

This should help :) :

http://www.daniweb.com/techtalkforums/thread27519.html

dlh6213 27 Posting Maven Team Colleague

Hope you don't mind if I cut in...

Why are you trying to remove this? It's the driver for your video card.

You now need to reinstall your video card drivers either with the CD that came with your computer, the CD that came with the card (if you added it separately), or you can download them from the manufacturer's (NVIDIA) website.

dlh6213 27 Posting Maven Team Colleague

2. Followed HJT instructions
During FIX, MS AntiSpyware popped up saying CWS was trying to install.
MS claims to have blocked and fixed. (Although I ran CW Shredder the
other day and IT thought it had fixed everything, too).
Ran MS Scan - clean (but it was this a.m., too, before this)

3. On reboot, McAfee says it is broken and wants me to reinstall - I suspect that's because of one of the HJT removals... was that an error? (Not a big deal, but I probably should reinstall).

A question - I read somewhere that AWS is better behaved these days - is it OK to reinstall or is it still considered spyware?

Download, install, and update CWShredder 2.15 -- http://www.intermute.com/products/cwshredder.html. Run it, and press Fix (not scan). Close any open windows, other than CWS, before hitting the Fix button.

Nothing you fixed with HJT should have hurt McAfee, but it is possible one of the malicious files on your system corrupted it. McAfee may have a 'Repair' option, if it does, try that first. If not, then reinstall it.

I've also heard that the Weatherbug is not much of a pest anymore. Myself, I wouldn't trust it, but if you like it, and can put up with its ads (if it still does that), then go ahead and reinstall it.

Also, you may wish to consider disabling CTHELPER.EXE -- quote from sysinfo:
"CTHELPER is a background task that is …

dlh6213 27 Posting Maven Team Colleague

Try:

IEFix -- http://windowsxp.mvps.org/IEFIX.htm

Winsockfix -- http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml

Have you checked your firewall settings to see if anything there could be blocking some sites?

You can also try another browser to help determine if the problem is with IE or not. You can get Firefox from here:
http://www.mozilla.org/products/firefox/

dlh6213 27 Posting Maven Team Colleague

Go to Add/Remove Programs in your Control Panel and remove WeatherBug (or AWS), if present.

Download LSPfix from http://www.computercops.biz/downloads-file-334.html. On the opening screen, click the I know what I'm doing checkbox. Then click Finish.

Scan with hijackthis and have it fix the following entries:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\topMoxie\TEMP\limeshop_script.htm
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'connwsp1.dll' missing
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bitstream.com/wfplayer/tdserver.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (WficaCtl Object) - http://www.genisar.com/files/genplug60.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/201f2d97d5c479...etzip/RdxIE.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/99...iTunesSetup.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared...72/mcinsctl.cab
O16 - DPF: {71CA4411-45EC-4608-B9D7-6D4B6A9D1BB4} (Attenza System Profiler) - http://service.dell.com/dell/SystemProfiler.cab

dlh6213 27 Posting Maven Team Colleague

Has it worked in the past and stopped working, or has it never worked?

dlh6213 27 Posting Maven Team Colleague

Some things you can try:

IEFix -- http://windowsxp.mvps.org/IEFIX.htm

WinSockXPFix -- http://www.majorgeeks.com/download4372.html

Try another browser to help determine if the problem is with IE or not. You can get Firefox from here:
http://www.mozilla.org/products/firefox/

dlh6213 27 Posting Maven Team Colleague

:?: Hi, I bought this new computer a while ago (the one I'm using right now) and it already came with Windows XP on it. It did come with a boot CD but Windows was not included in it. I was wondering if there is any way that I could extract or make a copy of the Windows that came on the computer already so that I could install it on a computer that I just finished building from a bunch of computer parts that I acquired, and by the way the CD code or key is on the back of my computer (a lil sticker). Thank you, I really appreciate it. Ohh, and if u can, can u email me on email removed. Thankx again!

What you are attempting to do is not legal, therefore this thread is being closed.

dlh6213 27 Posting Maven Team Colleague

Hi Wezzerwes, welcome to DaniWeb :D

I believe the programs need to be installed after Windows has been installed; you can't copy them, you need the installation discs.

To help prevent this from happening again, see these threads:

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

http://www.daniweb.com/techtalkforums/thread16365-christmas.html

dlh6213 27 Posting Maven Team Colleague

Hi Eagle6969, welcome to DaniWeb :D

I've moved your thread to the Virus forum as you most likely have a problem which needs to be addressed here.

Please follow the recommendations in these threads to help protect, and start the cleanup process, of your system:

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

After you've completed that, get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then, close any open browser windows, 'Scan and Save Log' with HijackThis, and then copy and paste the log here.

dlh6213 27 Posting Maven Team Colleague

Before posting another hijackthis log, please follow the suggestions here:
http://www.daniweb.com/techtalkforums/thread24085.html

dlh6213 27 Posting Maven Team Colleague

Hi Calcutta22, welcome to DaniWeb :D

Please follow the recommendations in these threads to help protect, and start the cleanup process, of your system:

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

Include Ewido in the list of suggestions, scan with it in Safe Mode, and pay attention to where the log is saved so you can include it in your next reply.

Empty your Recycle Bin and reboot normally.

Download, install, update, and run these utilities:

CWShredder -- http://www.intermute.com/spysubtract/cwshredder_download.html
HSRemove -- http://www.majorgeeks.com/download4286.html

After you've completed that, get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then, close any open browser windows, 'Scan and Save Log' with HijackThis, and then copy and paste the log here along with the Ewido log.

dlh6213 27 Posting Maven Team Colleague

Go to Add/Remove Programs in your Control Panel and remove (if present):

180SearchAssistant
Eecpj
Media Gateway
PartyPoker
Viewpoint (may be Viewpoint Manager, ViewMgr, or something similar)
WeatherBug (or AWS)
WildTangent

Scan with hijackthis and have it fix the following entries:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [Hevosxn] C:\Program Files\Eecpj\Qmzwulj.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/M...e/bridge-c8.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JA...loadManager.ocx

Close any open windows, other than hijackthis, before hitting Fix checked.

Go to the following locations and delete the highlighted folders:

C:\program files\180searchassistant
C:\Program Files\AWS
C:\Program Files\Eecpj
C:\Program Files\Media Gateway
C:\Program Files\PartyPoker
C:\Program Files\Viewpoint
C:\Program Files\WildTangent

Empty your Recycle Bin and reboot.

Close any open browser …

dlh6213 27 Posting Maven Team Colleague

I don't see anything else, are you still having problems? If so, please give us specific details :)

dlh6213 27 Posting Maven Team Colleague

Hi arrbug, welcome to DaniWeb :D

I've split your post into its own thread per the site rules:
"Every question or new thought should have its own thread. Replies to a previous post should be thread replies to that particular thread. Do not piggyback threads by posting your question as a reply to another question"

Forum rules can be found here: http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq

The bad files would still have the same name regardless of the language you use.

Please follow the suggestions in the following threads:

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

Include Ewido in that list of suggestions, scan with it in Safe Mode, and pay attention to where the log is saved so you can post it in your next reply.

Empty your Recycle Bin and reboot normally.

Close any open browser windows, scan with HJT, and post a new log along with the Ewido log.

dlh6213 27 Posting Maven Team Colleague

If you haven't already purchased Panda, I would recommend Nod32 instead; you can do a search for it here on DaniWeb for some discussions regarding it as well as other AV programs, or you can search the net to see how it compares to the others.

I would also like to suggest you have a look at this thread -- it may be helpful since you've just reformatted:
http://www.daniweb.com/techtalkforums/thread16365-christmas.html

Good luck to you :)

dlh6213 27 Posting Maven Team Colleague

Your log looks okay to me, are you still having problems?

dlh6213 27 Posting Maven Team Colleague

Go to Add/Remove Programs in your Control Panel and remove (if present):

SideSearch
Viewpoint
WinTools

Scan with hijackthis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - D:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - D:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [ViewMgr] D:\ProgramFiles\Viewpoint\Viewpoint Manager\ViewMgr_.exe
O4 - HKLM\..\Run: [Win Server Updt]D:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [fzdjyjp] d:\windows\system32\xbhrfs.exe r
O4 - HKCU\..\Run: [WinTools] D:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/...r/PCPitStop.CAB
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared...84/mcinsctl.cab
O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} -http://dl.lygo.com/Sidesearch/en_US.../Sidesearch.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptoda...pdatePortal.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -http://a1540.g.akamai.net/7/1540/52...us/win/QuickTimeInstaller.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -http://bin.mcafee.com/molbin/shared...,21/mcgdmgr.cab

dlh6213 27 Posting Maven Team Colleague

Hi amandam, welcome to DaniWeb :D

Please follow the suggestions in the following threads:

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

Right-click in an open area of your desktop and select New, Folder; give the new folder a name (like HJT or HijackThis), and then drag the hijackthis.exe icon that is on your desktop into the new folder.

Close any open browser windows, scan with HJT, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Hi Helpmerhonda, welcome to DaniWeb :D

I've merged your threads so anyone looking at this will have all the relevant information available. For future reference, instead of starting a new thread, simply making a new post in the existing one will bring the thread back to the top of the forum where it will have a better chance of getting spotted.

Get Ewido from here:
http://www.download.com/Ewido-Security-Suite/3000-8022_4-10326287.html?tag=lst-0-1

Boot into Safe Mode, scan with Ewido, allowing it to clean whatever it finds.

Reboot normally, close any open browser windows, scan with hijackthis, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Try using System Restore to return your system to a date prior to when you started having trouble.

dlh6213 27 Posting Maven Team Colleague

Hey crunchie, it looks like I'm on the same path as you -- I just might make it to 3,000 by my one year anniversary here :)

dlh6213 27 Posting Maven Team Colleague

Hi shmay, welcome to DaniWeb :D

Please follow the suggestions in the following threads:

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

Include Ewido in that list of suggestions, and scan with it in Safe Mode.

Empty your Recycle Bin and reboot normally.

Close any open browser windows, scan with HJT, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

You will need to disconnect from the internet so you may wish to print these instructions.

Go to Add/Remove Programs in your Control Panel and remove WildTangent (or WT), if present.


Download Nailfix from here:
http://www.noidea.us/easyfile/file.php?download=20050515010747824
Unzip it to your desktop, but do not run it yet.

Download, install, update, and run these tools:

CWShredder -- http://www.intermute.com/spysubtract/cwshredder_download.html
about:Buster -- http://www.majorgeeks.com/download4289.html
HSRemove -- http://www.majorgeeks.com/download4286.html
PurityScan uninstaller -- http://www.purityscan.com/uninstall.html

Disconnect from the net and reboot into Safe Mode.

Double-click on the Nailfix.cmd that is on your desktop. Your desktop and icons will disappear and reappear, and a window should open and close very quickly -- this is normal.

Then run a full system scan with Ewido (note: you will be posting the log from this scan in your next reply).

Still in Safe Mode, scan with hijackthis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

dlh6213 27 Posting Maven Team Colleague

You still need to do this -- "Right-click in an open area of your desktop and select New, Folder; give the new folder a name (something like HJT or HijackThis), and then drag the hijackthis.exe icon that is on your desktop into this new folder."

Aurora and 180Solutions didn't get cleaned up properly, please repeat these instructions:

http://www.daniweb.com/techtalkforums/thread27570.html

You will need to be disconnecting from the internet, so you may wish to print these instructions.

Download Nailfix from here:
http://www.noidea.us/easyfile/file.php?download=20050515010747824
Unzip it to your desktop, but do not run it yet.

Disconnect from the net and reboot into Safe Mode.

Double-click on the Nailfix.cmd that is on your desktop.

Run a full system scan with Ewido.

Still in Safe Mode, scan with hijackthis and have it fix the following entries:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [rbbfvyo] c:\windows\system32\efyegal.exe r
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

Remember to close any open windows before hitting Fix checked.

Go to the following locations and delete the highlighted files:

C:\WINDOWS\Nail.exe
c:\windows\system32\efyegal.exe
C:\WINDOWS\svcproc.exe
C:\WINDOWS\System32\hwclock.exe

Empty your Recycle Bin and reboot normally.

Close any open browser windows, scan with hijackthis, and post a new log along with the new Ewido log.
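
Added example, not part of the original posts: a small triage pass over HijackThis log lines that flags the two patterns singled out in the reply above, an F2 `Shell=` value that launches something besides Explorer.exe and entries whose target is reported as missing. The function names and the `ExampleApp` line are assumptions made for illustration; the other sample entries are the ones quoted in the post.

```python
import re

# Section codes that appear in the logs on this page, with their usual meaning.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "F2": "registry-mapped INI autostart",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "Run-key autostart", "O9": "IE extra button/menu item",
    "O16": "downloaded ActiveX control", "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
SHELL_RE = re.compile(r"^REG:system\.ini: Shell=(.*)$", re.IGNORECASE)
ORPHAN_RE = re.compile(r"\((no file|file missing)\)", re.IGNORECASE)

# Sample input: the header and the ExampleApp line are constructed;
# the F2, first O4 and O23 lines are the entries quoted in the post.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [rbbfvyo] c:\windows\system32\efyegal.exe r
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\example.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
"""


def parse_entry(line):
    """Split a log line into (section code, body); return None for non-entries."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def shell_extra(body):
    """Return whatever an F2 Shell= value runs besides Explorer.exe ('' if nothing)."""
    m = SHELL_RE.match(body)
    if not m:
        return ""
    value = m.group(1).strip()
    # A shell that does not start with Explorer.exe is returned whole.
    return re.sub(r"^explorer\.exe\b", "", value, flags=re.IGNORECASE).strip()


def triage(log_text):
    """Return one finding per flagged pattern, in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue  # header lines, process list, blank lines
        code, body = entry
        section = SECTIONS.get(code, "unknown section")
        if code == "F2":
            extra = shell_extra(body)
            if extra:
                findings.append({"code": code, "section": section,
                                 "reason": "shell-extra-program", "detail": extra})
        orphan = ORPHAN_RE.search(body)
        if orphan:
            findings.append({"code": code, "section": section,
                             "reason": "orphaned-entry",
                             "detail": orphan.group(1).lower()})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['code']:>3}  {f['reason']:<20} {f['detail']}")
```

The two O4 lines pass through unflagged because neither rule applies to them; deciding whether a Run-key target is wanted still takes a human reading of the log.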

dlh6213 27 Posting Maven Team Colleague

Getting better, just look at all the stuff Ewido cleaned for you :)

You should follow the instructions here (again):
http://www.daniweb.com/techtalkforums/thread27570.html

Update your antivirus program and allow it to fix whatever it finds.

Scan with HJT and have it fix the following entries:

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [xbnsrhy] c:\windows\system32\avaxrc.exe r
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Remember to close any open window before hitting Fix checked.

Go to the following locations and delete the highlighted files:

C:\WINDOWS\wupdt.exe
C:\windows\system32\avaxrc.exe

Do a search for the following files and delete any instances found:

Systb.dll
Winobject.dll
Winserv.exe
Wupdt.exe

If any of the files cannot be deleted in normal mode, try Safe Mode.

Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.

Empty your Recycle Bin and reboot.

Close any open browser windows, scan with HJT, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

You should have a look at this thread to make sure your system is adequately protected, you seem to keep getting new nasties:
http://www.daniweb.com/techtalkforums/thread27519.html

After that, run Ewido again, it should clean up Look2Me.

Did you try the Remove.bat I posted before to get rid of that lfrt.dll file (post #12)?

Lsass.exe is a critical file, l?ass.exe is adware from PurityScan, the uninstaller should have cleaned that one up too.

dlh6213 27 Posting Maven Team Colleague

Hi Bubba, welcome to DaniWeb :D

Please follow the recommendations in these threads to help protect, and start the cleanup process, of your system:

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

Download, install, update, and run these utilities:

CWShredder -- http://www.intermute.com/spysubtract/cwshredder_download.html
about:Buster -- http://www.majorgeeks.com/download4289.html
HSRemove -- http://www.majorgeeks.com/download4286.html

After you've completed that, get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then, close any open browser windows, 'Scan and Save Log' with HijackThis, and then copy and paste the log here.

dlh6213 27 Posting Maven Team Colleague

Please follow the recommendations in these threads to help protect and start the cleanup process of your system:

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

Then close any open browser windows, scan with hijackthis, and post a new log and wait for instructions on removing anything else remaining.

When you post your new HJT log, please paste the entire log. Your last one was missing the header info (Operating System, date scanned, etc.).

dlh6213 27 Posting Maven Team Colleague

Please follow the recommendations in these threads to help protect, and start the cleanup process, of your system:

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

Then close any open browser windows, scan with hijackthis, and post a new log and wait for instructions on removing the Aurora infection and anything else remaining.

dlh6213 27 Posting Maven Team Colleague

The recommendations here should resolve the problem with System Volume Information:

http://www.daniweb.com/techtalkforums/thread13362.html

You should have A0059569.exe scanned here:

http://virusscan.jotti.org/

dlh6213 27 Posting Maven Team Colleague

The PurityScan uninstaller should clean that up.

And I made a (minor) error in my last post, remove this folder, not just the file (if it's still there after the PurityScan) -- C:\Program Files\ruoc\eooh.exe

dlh6213 27 Posting Maven Team Colleague

Yes, you should go ahead and delete it; I doubt if there is anything in that .dll that your system will want :)

dlh6213 27 Posting Maven Team Colleague

Glad to hear it; thanks for letting us know.

dlh6213 27 Posting Maven Team Colleague

You will need to disconnect from the internet so you may wish to print these instructions.

Download Ewido Security Suite from here:
http://fileforum.betanews.com/detail/ewido_security_suite/1098736486/1

Install and update it, and then close the program (don't scan yet).

Download Nailfix from here:
http://www.noidea.us/easyfile/file.php?download=20050515010747824
Unzip it to your desktop, but do not run it yet.

Remove Newdotnet either from Add/Remove Programs, or by following the instructions here:
http://www.newdotnet.com/removal.html

Also in Add/Remove Programs, remove quickbar, if present.

Download, install, update, and run these tools:

CWShredder -- http://www.intermute.com/spysubtract/cwshredder_download.html
about:Buster -- http://www.majorgeeks.com/download4289.html
HSRemove -- http://www.majorgeeks.com/download4286.html
PurityScan uninstaller -- http://www.purityscan.com/uninstall.html

Disconnect from the net and reboot into Safe Mode.

Double-click on the Nailfix.cmd that is on your desktop. Your desktop and icons will disappear and reappear, and a window should open and close very quickly -- this is normal.

Then run a full system scan with Ewido (note: you will be posting the log from this scan in your next reply).

Still in Safe Mode, scan with hijackthis and have it fix the following entries:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://approvedlinks.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - C:\PROGRA~1\quickbar\quickbar.dll
O3 - Toolbar: …