dlh6213 27 Posting Maven Team Colleague

Hi vash420xxx, I've split your post into its own thread (per forum rules -- http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules).

Please see this thread, and then post a new hijackthis log:
http://www.daniweb.com/techtalkforums/thread24085.html

Thanks for understanding :)

dlh6213 27 Posting Maven Team Colleague

Well that helped some; on to part two...

You should clean up your browser by clicking on Tools, and then select Options.
Click the Privacy icon on the Option menu bar to open the Privacy Properties.
Click the Clear All button at the bottom of the window.
Click OK to return to the browser main page.
Exit the browser.

Scan with hijackthis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\cydja.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\cydja.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\cydja.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\cydja.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\cydja.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\cydja.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\cydja.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: GDS module - {A084A565-B09B-4e4c-A497-7CC50AEAB2A7} - C:\WINDOWS\gds.dll (file missing)
O2 - BHO: Class - {F4625626-5DCB-AEB7-598A-486B27B92A72} - C:\WINDOWS\system32\systn32.dll
O4 - HKLM\..\Run: [d3vv.exe] C:\WINDOWS\d3vv.exe
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
Note: you can leave any of those O15 entries if you put them in your Trusted Zone yourself.
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web …

dlh6213 27 Posting Maven Team Colleague

Your log looks good now; might be a good time to set a Restore point :)

dlh6213 27 Posting Maven Team Colleague

Hi Munky79, welcome to DaniWeb :D

I've split your post into its own thread (per forum rules -- http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules).

Please review this thread and then post a new HijackThis log:
http://www.daniweb.com/techtalkforums/thread24085.html

dlh6213 27 Posting Maven Team Colleague

If you haven't already, you should try System Restore; here are instructions for using it:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q306084

Without being able to download anything, this could be difficult. Have you considered backing up what you can and reinstalling Windows?

Do you have access to another computer where you can download, and then transfer the downloaded tools, to your computer?

Do you use LimeWire (or have you in the past)?

dlh6213 27 Posting Maven Team Colleague

You still need to get the Critical Updates for Win98 and IE.

Have hijackthis fix this entry:

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

Other than that, I think you're good to go :)

dlh6213 27 Posting Maven Team Colleague

Hi RaineX, welcome to DaniWeb :D

Start with this --

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

Note: if any of these temporary files cannot be deleted while in normal mode, try Safe Mode.

Update your antivirus program and run a full system scan.

Run at least two of these free online anti-virus/anti-spyware scans and have them clean what they can:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php

Download, install, update, and run these tools:

CWShredder -- http://www.intermute.com/spysubtract/cwshredder_download.html
about:Buster -- http://www.majorgeeks.com/download4289.html
HSRemove -- http://www.majorgeeks.com/download4286.html
PurityScan uninstaller -- http://www.purityscan.com/uninstall.html

Download Ewido Security Suite -- http://fileforum.betanews.com/detail/ewido_security_suite/1098736486/1
Install it, and while installing, under Additional Options, uncheck Install background guard and Install scan via context menu.
From the main Ewido screen, click on Update in the left menu, and then click the Start update button. After the update finishes (the status bar at the bottom will display Update successful), close the program (don't scan yet). If you have problems updating see here:
http://www.ewido.net/en/download/updates/
Note …

dlh6213 27 Posting Maven Team Colleague

Go to Add/Remove Programs in your Control Panel and remove (if found):

Mywebsearch (or myway, mysearch, etc.)
WeatherBug

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

Note: if any of these temporary files cannot be deleted while in normal mode, try Safe Mode.

Update your antivirus program and run a full system scan.

Run at least two of these free online anti-virus/anti-spyware scans and have them clean what they can:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php

Download, install, update, and run these tools:

CWShredder -- http://www.intermute.com/spysubtract/cwshredder_download.html
about:Buster -- http://www.majorgeeks.com/download4289.html
HSRemove -- http://www.majorgeeks.com/download4286.html
PurityScan uninstaller -- http://www.purityscan.com/uninstall.html

Download Ewido Security Suite -- http://fileforum.betanews.com/detail/ewido_security_suite/1098736486/1
Install it, and while installing, under Additional Options, uncheck Install background guard and Install scan via context menu.
From the main Ewido screen, click on Update in the left menu, and then click the Start update button. After the update finishes (the status bar at the bottom will display Update successful), close the program (don't scan yet). If you have problems …

dlh6213 27 Posting Maven Team Colleague

Well, someone else here may have some other ideas, but it sounds to me like it's time to backup whatever you can and reinstall XP.

Here's some help with that if you decide to do it:
http://www.daniweb.com/techtalkforums/thread6632.html

This may help as well:
http://www.daniweb.com/techtalkforums/thread16365.html

dlh6213 27 Posting Maven Team Colleague

Hi Pikachu,

What little I could find out about it doesn't really help much (http://translate.google.com/translate?hl=en&sl=zh-CN&u=http://bbs.db.kingsoft.com/forumdisplay.php%3Ffid%3D110%26sid%3Dnbdq4L&prev=/search%3Fq%3DNPFMONTR.exe%26hl%3Den%26lr%3D%26sa%3DG).

Lack of information is usually a pretty good indication of a bad file. Can you right-click on NPFMONTR.exe, go to Properties, and let us know whatever info you can (Manufacturer, version, etc.)?

dlh6213 27 Posting Maven Team Colleague

Hi irishbum, welcome to DaniWeb :D

Go to Add/Remove Programs in your Control Panel and remove WareOut.

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

(Note: if any of these temporary files cannot be deleted while in ‘normal mode,’ try Safe Mode.)

I don't see an antivirus program running on your system; I suggest you get one ASAP. I recommend Nod32 (best) -- http://www.nod32.com/home/home.htm;
Or, AVG (better than nothing) http://www.grisoft.com/doc/1.

Run at least two of these free online anti-virus/anti-spyware scans and have them clean what they can:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php

Download, install, update, and run these tools:

CWShredder -- http://www.intermute.com/spysubtract/cwshredder_download.html
about:Buster -- http://www.majorgeeks.com/download4289.html
HSRemove -- http://www.majorgeeks.com/download4286.html
PurityScan uninstaller -- http://www.purityscan.com/uninstall.html

Download Ewido Security Suite -- http://fileforum.betanews.com/detail/ewido_security_suite/1098736486/1
Install it, and while installing, under Additional Options, uncheck Install background guard and Install scan via context menu.
From the main Ewido screen, click on Update in the left menu, and then click the Start update button. After the …

dlh6213 27 Posting Maven Team Colleague

Hi Punkermoma, welcome to DaniWeb :D

The first thing you need to do is move HijackThis, please see this thread:
http://www.daniweb.com/techtalkforums/thread24085.html

After you've moved it, please post a new log.

By the way, DrPMon.dll is part of the Aurora 'package' and we should be able to help you get it cleaned up.

dlh6213 27 Posting Maven Team Colleague

Hi Maurine, welcome to DaniWeb :D

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

(Note: if any of these temporary files cannot be deleted while in ‘normal mode,’ try Safe Mode.)

Update McAfee and run a full system scan.

Run at least two of these free online anti-virus/anti-spyware scans and have them clean what they can:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php

Download, install, update, and run these tools:

CWShredder -- http://www.intermute.com/spysubtract/cwshredder_download.html
about:Buster -- http://www.majorgeeks.com/download4289.html
HSRemove -- http://www.majorgeeks.com/download4286.html
PurityScan uninstaller -- http://www.purityscan.com/uninstall.html

Download Ewido Security Suite -- http://fileforum.betanews.com/detail/ewido_security_suite/1098736486/1
Install it, and while installing, under Additional Options, uncheck Install background guard and Install scan via context menu.
From the main Ewido screen, click on Update in the left menu, and then click the Start update button. After the update finishes (the status bar at the bottom will display Update successful), close the program (don't scan yet). If you have problems updating see here:
http://www.ewido.net/en/download/updates/
Note -- When you run Ewido for the …

dlh6213 27 Posting Maven Team Colleague

What OS are you using? If you have System Restore available, try using that to return your system to a date before you started having problems.

Try running HijackThis from Safe Mode; we won't get a complete picture that way, but at least a starting point.

dlh6213 27 Posting Maven Team Colleague

Hey tedward, looks like crunchie and I were replying to your thread at the same time; you should go through his suggestions as well (if you haven't already) because he included some things that I hadn't.

You were correct about the nail fix link, it's not working. Try this one:
http://www.noidea.us/easyfile/file.php?download=20050515010747824, following the instructions previously described.

After you've finished, reboot normally and post a new HJT log along with the Ewido log.

dlh6213 27 Posting Maven Team Colleague

SilentBob, any updates here?


Larry, please stick to this thread:
http://www.daniweb.com/techtalkforums/thread25186.html


Agbd, please start a new thread (per forum rules -- http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules), and include a HijackThis log: Get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log, and paste it in your new thread.

dlh6213 27 Posting Maven Team Colleague

I think you're pretty well cleaned up now, but there are a few things you should do.

First, see this thread for instructions on clearing out your Restore folder, then set a new restore point:
http://www.daniweb.com/techtalkforums/thread13362.html

Go to Windows Update and get (at least) SP1a.

Avoid using file-sharing (aka P2P) programs as they can lead to infections.

dlh6213 27 Posting Maven Team Colleague

Hi Larry, welcome to DaniWeb :D

I've split your post into its own thread per forum rules (http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules)

Download, install, update, and run these tools:

CWShredder -- http://www.intermute.com/spysubtract/cwshredder_download.html
about:Buster -- http://www.majorgeeks.com/download4289.html

Please get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log, and paste it in this thread.

dlh6213 27 Posting Maven Team Colleague

restore? you mean formatting everything again?
no I don't think this would help.

No, he didn't mean format again, he meant to use System Restore to return your system to a point when it was working properly. Here are instructions for using System Restore:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q306084

I have a couple of other suggestions as well. Since you're using Norton's firewall, you should disable the XP firewall -- that could be causing your problem.

Also, a reformat may help if you install SP2 before installing Norton (or use something other than Norton), but you will still need to disable the XP firewall, as you should only have one software firewall running.

Note: if you have a broadband connection, you should also have a hardware firewall.

dlh6213 27 Posting Maven Team Colleague

Go to Add/Remove Programs in your Control Panel and remove the following (if found):

Ebates
New.net (or newdotnet) -- or you can go to http://www.newdotnet.com/#remove and scroll down to the Uninstall tool.
Quickbar
Viewpoint Manager (or Viewpoint)
VirtualBouncer (or Bouncer)

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

(Note: if any of these temporary files cannot be deleted while in ‘normal mode,’ try Safe Mode.)

Update Norton and run a full system scan.

Run at least two of these free online anti-virus/anti-spyware scans and have them clean what they can:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php

Download, install, update, and run these tools:

CWShredder -- http://www.intermute.com/spysubtract/cwshredder_download.html
about:Buster -- http://www.majorgeeks.com/download4289.html
HSRemove -- http://www.majorgeeks.com/download4286.html
PurityScan uninstaller -- http://www.purityscan.com/uninstall.html

Download Ewido Security Suite -- http://fileforum.betanews.com/detail/ewido_security_suite/1098736486/1
Install it, and while installing, under Additional Options, uncheck Install background guard and Install scan via context menu.
From the main Ewido screen, click on Update in the left menu, and then click the Start update

dlh6213 27 Posting Maven Team Colleague

Hi JediSange and Xyzyxx, welcome to DaniWeb :D

Xyzyxx, you really should start your own thread, unless you just want to follow along with this one and see if you can clean up your system; but please, do not post any logs within this thread. Thanks :)

Start with this:

Download Nailfix from here:
http://users.pandora.be/bluepatchy/nailfix.zip
Unzip it to your desktop, but do not run it yet.

From the main Ewido screen, click on Update in the left menu, and then click the Start update button. After the update finishes (the status bar at the bottom will display Update successful), close the program (don't scan yet). If you have problems updating see here:
http://www.ewido.net/en/download/updates/

Reboot into Safe Mode.

Double-click on the Nailfix.bat that is on your desktop. Your desktop and icons will disappear and reappear, and a window should open and close very quickly -- this is normal.

Then run a full system scan with Ewido (note: you will be posting the log from this scan when back in normal mode).

Reboot normally.

Scan with hijackthis and have it fix the following entries:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [kzxoob] c:\windows\system32\bodvlj.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

Close any open windows, other than hijackthis, before hitting Fix checked.

Go to the following locations and delete the highlighted files:

C:\WINDOWS\Nail.exe
C:\windows\system32\bodvlj.exe
C:\WINDOWS\svcproc.exe

dlh6213 27 Posting Maven Team Colleague

Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Now look for that folder again.

dlh6213 27 Posting Maven Team Colleague

Is MyInvoices a program you installed yourself?

Scan with hijackthis and have it fix the following entries:

O3 - Toolbar: (no name) - {12EE7A5E-0674-42f9-A76B-000000004D00} - (no file)
O4 - HKLM\..\Run: [cBZnV] C:\docume~1\mikemc~1\locals~1\temp\cBZnV.exe
O4 - HKLM\..\Run: [tfbkft] c:\windows\system32\qnojky.exe

Remember to close any open windows before hitting Fix checked.

Go to c:\windows\system32 and delete qnojky.exe

You still have something running from a Temp folder, so go through this again:

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

(Note: if any of these temporary files cannot be deleted while in ‘normal mode,’ try Safe Mode.)

Empty your Recycle Bin.

Follow the instructions in this thread:
http://www.daniweb.com/techtalkforums/thread13362.html

Reboot, close any open browser windows, scan with HJT, and post a new log please.
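The kinds of entries singled out for fixing in the posts on this page share a few structural traits: search pages served from `res://` DLL resources, BHO/toolbar registrations whose file is gone, Run keys launching from a Temp folder, and a program appended to `Shell=`. The sketch below is an added example, not part of the original posts and not HijackThis's own logic; the function names and heuristics are assumptions for illustration, and the sample log is constructed from lines quoted in these posts.

```python
import re

# Constructed sample: HijackThis entries quoted from the posts on this page.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\cydja.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: GDS module - {A084A565-B09B-4e4c-A497-7CC50AEAB2A7} - C:\WINDOWS\gds.dll (file missing)
O3 - Toolbar: (no name) - {12EE7A5E-0674-42f9-A76B-000000004D00} - (no file)
O4 - HKLM\..\Run: [cBZnV] C:\docume~1\mikemc~1\locals~1\temp\cBZnV.exe
O4 - HKLM\..\Run: [tfbkft] c:\windows\system32\qnojky.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O15 - Trusted Zone: *.awmdabest.com
"""

# A log entry is a section code (R0, O4, F2, O15, ...) then " - " then the body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse(log_text):
    """Return (section, body) pairs for every line shaped like 'O4 - ...'."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(section, body):
    """Return a reason string if the entry matches a structural red flag, else None.

    Illustrative heuristics only (assumption): they cover the patterns visible
    in the posts above and are no substitute for a human reading the log.
    """
    low = body.lower()
    if section in ("R0", "R1"):
        _, sep, value = body.partition(" = ")
        if sep and value.strip().lower().startswith("res://"):
            return "IE search/start page loads from a local DLL resource"
    if section in ("O2", "O3"):
        if low.endswith("(no file)") or low.endswith("(file missing)"):
            return "orphaned BHO/toolbar registration (target file absent)"
    if section == "O4" and "\\temp\\" in low:
        # Also matches 8.3 short paths such as locals~1\temp\
        return "autostart entry launches from a Temp folder"
    if section == "F2" and "shell=" in low:
        shell_tokens = low.split("shell=", 1)[1].split()
        if len(shell_tokens) > 1:
            return "extra program appended to the Shell= value"
    return None


def flag_log(log_text):
    """Return (section, reason, body) for each entry that triage() flags."""
    findings = []
    for section, body in parse(log_text):
        reason = triage(section, body)
        if reason:
            findings.append((section, reason, body))
    return findings


if __name__ == "__main__":
    for section, reason, body in flag_log(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {body}")
```

Entries such as the randomly named `qnojky.exe` in system32 or the Trusted Zone domains are not caught by these structural checks; those still need the kind of manual review done in the posts.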

dlh6213 27 Posting Maven Team Colleague

Here's a detailed review of different antivirus programs:
http://www.virusbtn.com/library/files/4pg_reprint.pdf

dlh6213 27 Posting Maven Team Colleague

Hi dlh6213,
Once this problem has been eliminated I will need a better antivirus defense. Do you recommend Norton Antivirus?
Thanks again for your help.
AppleSam

Not really; it's one of the best at what it does, but it uses a lot of system resources, it is more intrusive than most, and causes problems for a lot of users. It's also a pain to remove (I just took it off of mine a couple of weeks ago). A better alternative is Nod32 (http://www.nod32.com/home/home.htm); if you check the reviews, you'll find that it is consistently the best at finding viruses and is one of the fastest at scanning. I think it costs less than Norton too, or at least competitive.

Another good alternative, that's free, is AVG (http://www.grisoft.com/doc/1). It's not the best, but it's pretty darn good for the price :)

Here are some reviews:
http://www.nod32.com.hk/news/compare.htm
http://www.virusbulletin.com/vb100/archives/products.xml?table
Detailed report:
http://www.virusbtn.com/library/files/4pg_reprint.pdf


Your log looks much better, but I don't have time to go through it completely right now; I'll get to it ASAP.

dlh6213 27 Posting Maven Team Colleague

My suggestion for going to the Control Panel was back in post #2; I thought you had already done that. :confused:

Click on your Start button, point to Settings, and then click on Control Panel. When the Control Panel opens, double-click on Add or Remove Programs. Find the program (or programs) in the list that you wish to remove and click on the Change/Remove button.

As for deleting the GainPlugin, open My Computer -- there should be an icon on your desktop, double-click on that -- then double-click on the "C" drive. Find the WINDOWS folder and double-click it. In there, locate the Downloaded Program Files folder and open that one by double-clicking as well. In that folder you should find a folder named CONFLICT.1; open that folder, locate the GainPlugin.dll file, and delete it. (Note: if there are any programs in the Downloaded Program Files folder that you wish to keep, you should move them to another folder and then delete the entire contents of the Downloaded Program Files folder.)

dlh6213 27 Posting Maven Team Colleague

If you haven't already, try going to C:\WINDOWS\Downloaded Program Files\CONFLICT.1 and deleting GainPlugin.dll

If you can't delete it while in normal mode, try it from Safe Mode.

dlh6213 27 Posting Maven Team Colleague

Hello and thank you for responding I will definitely look into cleaning the inside of my pc. I was also wondering what the difference of my hijacking program and self-extracting how do I know what version I have? v1 97.7 is the one I have is that right or do I need a new version. I am guessing I do need a new version as I opened it up and don't see a save place but before I download it can you pls let me know so I don't just download the same version again thank you once again oh so much for your help.

The latest version is 1.99.1, so yes, the one you have is outdated. I suggest the self-extracting link because there is a better chance the user will install it in a permanent folder rather than a Temp folder. They still manage to get it in a Temp folder pretty often somehow :confused:

dlh6213 27 Posting Maven Team Colleague

Hi AppleSam, welcome to DaniWeb :D Glad you found the right place to post this :)

Remove Newdotnet, either from Add/Remove Programs, or by going to http://www.newdotnet.com/#remove and scrolling down to the Uninstall tool.

Download Ewido Security Suite from here:
http://fileforum.betanews.com/detail/ewido_security_suite/1098736486/1

Install it, and while installing, under Additional Options, uncheck Install background guard and Install scan via context menu.

From the main Ewido screen, click on Update in the left menu, and then click the Start update button. After the update finishes (the status bar at the bottom will display Update successful), close the program (don't scan yet). If you have problems updating see here:
http://www.ewido.net/en/download/updates/

Note -- When you run Ewido for the first time, you will get the warning Database could not be found!, click OK when you do.

Download Nailfix from here:
http://users.pandora.be/bluepatchy/nailfix.zip
Unzip it to your desktop, but do not run it yet.

Reboot into Safe Mode (reboot your computer and tap the F8 key while it's starting back up).

Double-click on the Nailfix.bat that is on your desktop. Your desktop and icons will disappear and reappear, and a window should open and close very quickly -- this is normal.

Then run a full system scan with Ewido (note: you will be posting the log from this scan when back in normal mode).

Reboot normally.

Scan with hijackthis and have it fix the following entries:

dlh6213 27 Posting Maven Team Colleague

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

(Note: if any of these temporary files cannot be deleted while in ‘normal mode,’ try Safe Mode.)

Empty your Recycle Bin.

Post new logs and let us know if you're still having any problems.

dlh6213 27 Posting Maven Team Colleague

Hi Lachessis, welcome to DaniWeb :D

There are several things that can cause this; if you think this may be related to some type of malware on your system, I suggest you get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log, and paste it here in this thread.

However, my first thought would be an overheating issue. If you haven't cleaned the interior of your computer lately, you should do so. Be sure to protect your system from static electricity (preferably with a wrist-strap); use canned air and, if available, a small vacuum -- carefully. The most important areas to clean are the fans and CPU; you should have at least three fans: a case fan, a CPU fan, and a fan inside the power supply unit.

It's also possible one of the fans could be dying a slow death. After you've cleaned it, leave the case open and start the computer. Watch the fans and make sure they are all spinning smoothly and quietly -- not jerking or making any funny sounds.

Keep us posted :)

dlh6213 27 Posting Maven Team Colleague

Can you tell us exactly where Norton says it's located?

dlh6213 27 Posting Maven Team Colleague

Scan with hijackthis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

And this one if you don't recognize the site:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medionusa.com

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

Again, if you don't recognize this site, fix this one:
O14 - IERESET.INF: START_PAGE_URL=http://www.medionusa.com

Be sure to close all windows, other than hijackthis, before hitting Fix checked.

Reboot, close any open browser windows, scan with HJT, and post a new log please. And let us know if you're still having any problems.

Since you mentioned that this is a new computer, this thread may interest you:
http://www.daniweb.com/techtalkforums/thread16365.html

dlh6213 27 Posting Maven Team Colleague

Hi Benny591, welcome to DaniWeb :D

Since you suspect a 'bug' I've moved your thread to the Virus forum (for the time being anyway).

In order for us to see what you have running on your system, I suggest you get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log, and paste it here in this thread.

dlh6213 27 Posting Maven Team Colleague

Hi lemurianprince, welcome to DaniWeb :D

I've moved your thread to the Virus forum as that is the only place HijackThis logs are allowed to be posted.

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

(Note: if any of these temporary files cannot be deleted while in ‘normal mode,’ try Safe Mode.)

Empty your Recycle Bin.

Run at least two of these free online anti-virus/anti-spyware scans and have them clean what they can:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php

Download, install, update, and run these tools:

CWShredder -- http://www.intermute.com/spysubtract/cwshredder_download.html
about:Buster -- http://www.majorgeeks.com/download4289.html
HSRemove -- http://www.majorgeeks.com/download4286.html
PurityScan uninstaller -- http://www.purityscan.com/uninstall.html

Reboot, close any open browser windows, scan with HJT, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

I don't see anything else, but let's let crunchie make the final decision :)

How's your computer running now?

dlh6213 27 Posting Maven Team Colleague

You seem to have missed a step there :):

"Next please run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Close all open windows except for HijackThis and click Fix Checked."

dlh6213 27 Posting Maven Team Colleague

Now all's well with my Dell.

That's what really matters :)

You may want to check and see if CTHelper is still on your system; and if you ever need HijackThis again, remember to put it into its own folder.

For some tips on protecting your 'like new' computer, see this thread:
http://www.daniweb.com/techtalkforums/thread16365.html

Enjoy the site and happy computing!!

dlh6213 27 Posting Maven Team Colleague

Please see this thread, and then post a new log:
http://www.daniweb.com/techtalkforums/thread24085.html

dlh6213 27 Posting Maven Team Colleague

Lol, sorry about that!! I was searching for something else and found this so I thought I'd put in my two cents -- I didn't even notice the year!

dlh6213 27 Posting Maven Team Colleague

First of all, run at least two of these free online anti-virus/anti-spyware scans and have them clean what they can:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php

Download, install, update, and run these tools:

CWShredder -- http://www.intermute.com/spysubtract/cwshredder_download.html
about:Buster -- http://www.majorgeeks.com/download4289.html
HSRemove -- http://www.majorgeeks.com/download4286.html
PurityScan uninstaller -- http://www.purityscan.com/uninstall.html

Reboot, close any open browser windows, scan with HJT, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Hi scrname, welcome to DaniWeb :D

Even if you've already done some of these things, please update them and run them again.

First of all, run at least two of these free online anti-virus/anti-spyware scans and have them clean what they can:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php

Download, install, update, and run these tools:

CWShredder -- http://www.intermute.com/spysubtract/cwshredder_download.html
about:Buster -- http://www.majorgeeks.com/download4289.html
HSRemove -- http://www.majorgeeks.com/download4286.html
PurityScan uninstaller -- http://www.purityscan.com/uninstall.html

Go to Windows Update and get SP1a for XP.

Reboot, close any open browser windows, scan with HJT, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Hi Chelbert, welcome to DaniWeb :D

In order for us to see exactly what you have running on your system, I suggest you get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log, and paste it here in this thread.

Go here to get the removal tool for Adware.Gator: http://securityresponse.symantec.com/avcenter/venc/data/adware.gator.html

Do a search on your system for Adware.Topsearch and delete any instances found.

Go to Add/Remove Programs in your Control Panel and remove Kazaa.

Get Kazaabegone to remove all remnants of Kazaa:
http://www.spychecker.com/program/kazaagone.html

Before running Kazaabegone, download LSPfix from http://www.computercops.biz/downloads-file-334.html (the process of getting rid of Kazaa sometimes messes up the internet connection and this will allow you to restore it).

Run Kazaabegone; if your internet connection is lost, start LSPfix.
On the opening screen, click the I know what I'm doing checkbox. Then click Finish.
That will restore all previous settings.

dlh6213 27 Posting Maven Team Colleague

Hi Kiwi Chris, welcome to DaniWeb :D

Get the Pocket Killbox from here:
http://bleepingcomputer.com/files/spyware/KillBox.zip

Unzip the file to your desktop.

Go offline until this is completed (you may wish to print these instructions).

Boot into Safe Mode and do a search for these files and delete any instances found:

param32.dll
guninst.exe
popup_bl.dll
systr.dll
svrhost.exe

If any could not be deleted (most likely param32.dll), run Pocket Killbox, paste the full file path of the file in the box, and click on Delete on Reboot. Click on the button with the red circle and an X in the middle; you will get a message saying File will be deleted on next reboot, Process and Reboot now? Click Yes to reboot. (Note: the 'file path' will be something like C:\WINDOWS\System32\param32.dll)

Scan with hijackthis, and have it fix the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/ad0058/
O4 - HKLM\..\Run: [cAg0u] C:\WINDOWS\SYSTEM\0B8C0040.hta

Be sure to close all open windows, other than hijackthis, before hitting Fix checked.

Go to C:\WINDOWS\SYSTEM and delete 0B8C0040.hta

Reboot normally and delete any unwanted icons from your desktop.

Empty your Recycle Bin.

Check this site for additional worm removal steps:
http://www.pchell.com/internet/kakworm.shtml

Go to Windows Update and get the Critical Updates for your system.

Scan with hijackthis and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Please follow the suggestions in this thread and then post a new log. Thanks :)

http://www.daniweb.com/techtalkforums/thread24085.html

dlh6213 27 Posting Maven Team Colleague

I have an eMachine that I purchased in '98; I never had any trouble with it until I got a virus (Nimda) in '02. Rather than try to clean it up, at the time, I purchased a Dell. The hard drive in the Dell failed 5 days after the one year warranty expired. Since I replaced the hard drive, I haven't had any trouble with it.

I have since reformatted the eMachine and use it as a loaner when working on other people's computers... right now it needs to be formatted again -- I had Win98 & Win2K on it and someone tried to install XP; this computer doesn't have enough RAM or available hard drive space for XP!

Dell's customer service is great when you're purchasing a computer, but severely lacking in support thereafter (in my opinion). I also used Dell Financial to finance the purchase, and I can honestly say that it was literally the worst financial institution I've dealt with in my entire life!

I'll probably purchase another computer this year and it will be either an eMachine or a Dell. But I won't be using Dell Financial!

dlh6213 27 Posting Maven Team Colleague

It's still in a Temp folder (C:\Documents and Settings\Jp.STARGAZER\Local Settings\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe).

dlh6213 27 Posting Maven Team Colleague

Try an in-place upgrade (aka repair installation); instructions can be found here:

http://support.microsoft.com/default.aspx?scid=kb;en-us;315341&Product=winxp

(Hopefully you got a Recovery CD from eMachines that will allow you to do this)

dlh6213 27 Posting Maven Team Colleague

Hi nas116, welcome to DaniWeb :D

You have a few things that should be fixed, but before fixing anything with HijackThis, you need to move it out of the Temp folder it is in now into its own permanent folder (something like c:\HJT\hijackthis.exe).

Before posting a new log you can:

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

(Note: if any of these temporary files cannot be deleted while in 'normal mode,' try Safe Mode.)

Empty the Recycle Bin.

Also, you may wish to consider disabling CTHELPER.EXE -- quote from sysinfo:
"CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative’s sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are …