dlh6213 27 Posting Maven Team Colleague

lol, i need something a little more specific than just the internet, do u know how long it would take me to present a project on the history of internet, i only have 5 minutes to talk and i know way too much stuff i would deff digress like every 2 secs into something else.

You didn't mention that before :)

How about 'Who invented the internet?' Hint: it was not Al Gore.

But trying to answer that one could take more than 5 minutes; a better choice might be 'Who invented the World Wide Web?' -- you should be able to get a short presentation from that.

dlh6213 27 Posting Maven Team Colleague

I see a few more things there that need to be fixed. Scan with hijackthis and have it fix the following entries:

O2 - BHO: (no name) - {397D7D63-816E-4ECF-8761-775C932C5CF1} - C:\WINDOWS\iDonate.dll
O4 - HKLM\..\Run: [wnddrv] C:\WINDOWS\svchost.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/insta.../sinstaller.cab

Remember to close any open windows, other than hijackthis, before hitting Fix checked.

Go to the following locations and delete the highlighted files (if found):

C:\WINDOWS\iDonate.dll
C:\windows\svchost.exe Note: make sure you do not delete the svchost in the C:\WINDOWS\system32 folder
C:\windows\syscfg32.exe
C:\windows\system32\wininet32.exe

Reboot, close any open browser windows, scan with HJT, and post a new log please.

Also, you may wish to consider disabling CTHELPER.EXE -- quote from sysinfo:
"CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative’s sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need it."

dlh6213 27 Posting Maven Team Colleague

Hi Tony, welcome to DaniWeb, :D

In order for us to see exactly what you have running on your system, I suggest you get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log, and paste it here in this thread.

dlh6213 27 Posting Maven Team Colleague

Internet :)

dlh6213 27 Posting Maven Team Colleague

Crunchie will probably have some other ideas, but until he gets back to this, try these suggestions:

Get SilentRunners from here:
http://www.silentrunners.org/

Run it, and save the log that it generates.

Get the Pocket Killbox from here:
http://bleepingcomputer.com/files/spyware/KillBox.zip

Unzip the file to your desktop.

Boot into Safe Mode and do a search for these files and delete any instances found (be sure your system is set to Show hidden files and folders):

param32.dll
guninst.exe
popup_bl.dll
systr.dll
svrhost.exe

If you find any of these files, and any could not be deleted, run Pocket Killbox and paste the full file path of file in the box and click on Delete on Reboot. Click on the button with the red circle and an X in the middle; you will get a message saying File will be deleted on next reboot, Process and Reboot now?, Click Yes to reboot. (Note: the 'file path' will be something like C:\WINDOWS\System32\param32.dll)

Reboot normally and delete any icons from your desktop that you did not put there.

Empty your Recycle Bin.

Close any open browser windows, scan with HJT, and post a new log along with the SilentRunners log.

dlh6213 27 Posting Maven Team Colleague

Hi Chili-man, welcome to DaniWeb :D

Sorry for the delay in responding to this; it got overlooked somehow :(

If you still need assistance, please put hijackthis into its own folder, like E:\HJT\hijackthis.exe (not running directly from the drive as you have it now).

Close any open browser windows, scan with hijackthis, and post a new log please.

Also let us know if you know what these (bolded) entries are for:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http: //www.fkitvgwkekbwsbiynvs.com/.../aNHRUeARk.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http: //www.fdljtqkxgbclmd.com/IBQyR...7PL9kHpfMI.html

dlh6213 27 Posting Maven Team Colleague

What OS are you using? Do you have Event Viewer available?

dlh6213 27 Posting Maven Team Colleague

Hi Mister_Marvioso, welcome to DaniWeb :D

Get the Pocket Killbox from here:
http://bleepingcomputer.com/files/spyware/KillBox.zip

Unzip the file to your desktop.

Go offline until this is completed (you may wish to print these instructions).

Boot into Safe Mode and do a search for these files and delete any instances found (be sure your system is set to Show hidden files and folders):

param32.dll
guninst.exe
popup_bl.dll
systr.dll
svrhost.exe

If any could not be deleted, (most likely param32.dll), run Pocket Killbox and paste the full file path of file in the box and click on Delete on Reboot. Click on the button with the red circle and an X in the middle; you will get a message saying File will be deleted on next reboot, Process and Reboot now?, Click Yes to reboot. (Note: the 'file path' will be something like C:\WINDOWS\System32\param32.dll)

Reboot normally and delete any unwanted icons from your desktop.

Empty your Recycle Bin.

Before fixing anything with HijackThis, you need to move it from the Temp folder it is in now into its own, permanent, folder; like c:\HJT\hijackthis.exe.

After you've moved hijackthis, close any open browser windows, scan with HJT, and post a new log please.

By the way, in your next post can you tell us if you know what these (bolded) entries are?
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http: //www.startpagina.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

dlh6213 27 Posting Maven Team Colleague

Hi agbd, welcome to DaniWeb :D

Download, install, update, and run these tools:

CWShredder -- http://www.intermute.com/spysubtract/cwshredder_download.html
about:Buster -- http://www.majorgeeks.com/download4289.html

Please get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log, and paste it in this thread.

Note -- You may want to take a look at this similar thread to see if you have the same bad files:
http://www.daniweb.com/techtalkforums/thread24585.html

dlh6213 27 Posting Maven Team Colleague

In Windows Me, RUNDLL32.EXE should be in the C:\WINDOWS\System folder (C:\WINDOWS\System\RUNDLL32.EXE), not in C:\WINDOWS as it shows in your log (C:\WINDOWS\RUNDLL32.EXE).

Make sure you have it here -- C:\WINDOWS\System\RUNDLL32.EXE
If you do, delete this one -- C:\WINDOWS\RUNDLL32.EXE
Make sure you don't delete the wrong one :)

Update and run about:Buster (http://www.majorgeeks.com/download4289.html)

Scan with HJT and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {D35D61AC-D852-4B0A-9A53-5477D612EC36} - C:\WINDOWS\SYSTEM\INBNOG.DLL
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O18 - Filter: text/html - {B553B599-5A99-42E5-8AC0-9493E3CBC625} - C:\WINDOWS\SYSTEM\INBNOG.DLL
O18 - Filter: text/plain - {B553B599-5A99-42E5-8AC0-9493E3CBC625} - C:\WINDOWS\SYSTEM\INBNOG.DLL

Be sure to close all open windows, other than hijackthis, before hitting Fix checked.

Go to the following location and delete the highlighted file:

C:\WINDOWS\SYSTEM\INBNOG.DLL

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for …

dlh6213 27 Posting Maven Team Colleague

Hi Dreamer132, welcome to DaniWeb :D

I've split your post into its own thread per forum rules (http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules)

Get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log, and paste it in this thread.

dlh6213 27 Posting Maven Team Colleague

Hi again :)

Since you mentioned having about:blank, you should run about:Buster to make sure you are rid of it:
http://www.majorgeeks.com/download4289.html

dlh6213 27 Posting Maven Team Colleague

It would help if we could see your HijackThis log.

dlh6213 27 Posting Maven Team Colleague

My Way Search Assistant is installed by Dell, that's how the dang thing got in there ;)

But just because Dell installed it, that doesn't mean you want it or should have it. Like I said before, your log doesn't show any of the usual signs associated with it, maybe you just got an incomplete or corrupted uninstall.

Anyway, if you go to the following locations and delete the highlighted folders, it should be gone:

C:\Program Files\MyWebSearch
C:\Program Files\FunWebProducts

Check this site for more info about 'My Way Search Assistant' and some other things you may want to look for:
http://www.pchell.com/support/mywebsearch.shtml

Other than that, I think you're okay :)

dlh6213 27 Posting Maven Team Colleague

I'll guarantee you that not every idea has been thought of.

Sure it has, a looong time ago. Haven't you ever heard this statement?

"Everything that can be invented has been invented."

-Charles H. Duell, Commissioner, U.S. Office of Patents, 1899.

:cheesy:

dlh6213 27 Posting Maven Team Colleague

daniweb forum - was NOT opening yesterday

Hi

I just wanted to confirm whether i was not able to access or there was some problem from daniweb side bcz yesterday I was not able to access the forum.

It was around 9 pm in the evening for one hour continuous. I am from Kolkata India and it is IST which is GMT + 5.5 hrs.

Never ever experienced before with this forum.

thanks regards

:rolleyes: :surprised :rolleyes:

This was most likely the problem:
http://www.daniweb.com/blogs/entry224-f0.html

dlh6213 27 Posting Maven Team Colleague

Well, that didn't help as much as I'd hoped. Try these steps; you'll need to be offline, so you may wish to print this (please read through it first so you will know what you will be doing in advance).

Download HSfix -- http://users.pandora.be/marcvn/tools/HSfix.zip
Unzip it and place it on your desktop, but don't use it yet.

Download and install CCleaner -- http://www.ccleaner.com/
Again, do not use it yet.

Also download Ewido -- http://www.ewido.net/en/download/
Let it update, but don't let it scan yet.

Go offline and reboot into Safe Mode.

Scan with about:Buster again.

Scan with CWShredder again.

Double-click on HSfix that you downloaded earlier (should be on your desktop); when it asks you if you want to add the contents to the registry, click Yes/OK.

Start CCleaner and click Run it.

Run a full system scan with Ewido and let it fix everything it finds. When done, you'll get the option to create a log and save it; do so because you will be posting this later.

Go to Start, Control Panel, Internet Options; click on the Programs tab, and then click the Restore Web Settings... button.

Empty your Recycle Bin, and reboot into normal mode.

Close any open browser windows, scan with hijackthis, and post a new log along with the about:Buster and Ewido logs.

dlh6213 27 Posting Maven Team Colleague

Hi mortalsin, welcome to DaniWeb :)

Whether formatting would be easier or not depends on how many programs and such you have installed. It shouldn't be necessary though, we should be able to help you clean it up. But yes, formatting would get rid of the problem.

Note: Even if you've already done some of these things, please update them and run them again.

First of all, run at least two of these free online anti-virus/anti-spyware scans and have them clean what they can:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php

Download, install, update, and run these tools:

CWShredder -- http://www.intermute.com/spysubtract/cwshredder_download.html
about:Buster -- http://www.majorgeeks.com/download4289.html
HSRemove -- http://www.majorgeeks.com/download4286.html
PurityScan uninstaller -- http://www.purityscan.com/uninstall.html

Then post a new hijackthis log please.

dlh6213 27 Posting Maven Team Colleague

SilentBob3208,

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

Note: if any of these temporary files cannot be deleted while in ‘normal mode,’ try Safe Mode.

Empty your Recycle Bin.

Post your HijackThis log and we'll see if we can figure this out.

dlh6213 27 Posting Maven Team Colleague

Yes, everything is back to normal now...
Pretty sneaky, this worm, isn't it??
I have ZoneAlarm firewall with maximum privacy settings and Norton AntiVirus running, and despite those the worm managed to enter and shut down Norton AntiVirus 2004 (by the way... too heavy and too dumb!!).
Thanks for the help..!!!

Glad to hear it :)

There is a lot of sneaky malware out there :mad: Keeps us pretty busy around here.

I just cleared Norton off my system myself... going to go with Nod32 ;)

Enjoy the site, and happy (& safe) computing!

dlh6213 27 Posting Maven Team Colleague

I know you deleted those files previously, but they came back (they were in your prior log); but your last log looks clean :). Is everything running properly now?

dlh6213 27 Posting Maven Team Colleague

Hi atsand, welcome to DaniWeb :D

Have you tried using System Restore to return your computer to a state prior to when you started having problems? If not, try that first.

You should put hijackthis into its own folder; to do this, right-click in an open area of your desktop, select New, Folder. Give the new folder a name, like HJT or HijackThis, and then drag the hijackthis.exe icon that is on your desktop into this new folder.

Please post a new log after you've done the above.

dlh6213 27 Posting Maven Team Colleague

Before posting a new hijackthis log, please get the latest version, 1.99.1

dlh6213 27 Posting Maven Team Colleague

Do you still have the three trojans you mentioned in the beginning?

I'm not familiar with the Avant browser, but you should clear all Temp files, cookies, cache, etc.

You need to go to Windows Update and get SP1a for both XP and IE.

Run at least two of these free online anti-virus/anti-spyware scans:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php

Download, install, update, and run these tools; have them fix whatever they find:

CWShredder -- http://www.intermute.com/spysubtract/cwshredder_download.html
about:Buster -- http://www.majorgeeks.com/download4289.html
HSRemove -- http://www.majorgeeks.com/download4286.html

Reboot, close any open browser windows, scan with HJT, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Hi Harish, Comotose had a thought (he actually has a lot of them, but this one had to do with your problem :) )

You could be having a memory problem -- well, your computer could be having a memory problem. Do you remember if you added any RAM around the time you started having trouble? If so, there could be an incompatibility problem.

If not, it could still mean that a stick of RAM has gone bad, or is just not seated properly.

Use a wrist strap, or other means, to protect against static electricity, and try removing one stick at a time, booting your system with one stick missing at a time, and see if it makes any difference.

If it does, replace the RAM and boot up again -- if it works, it was just not seated well; if it still doesn't, the RAM is either bad or incompatible.

Try different RAM slots as well.

If none of this makes any difference, the problem must lie elsewhere.

dlh6213 27 Posting Maven Team Colleague

hey buddy dlh6213,

got the basic concept...thanks a lot...and u know what gave rep points to u (since u deserved it) :mrgreen:

thanks again man :D

Glad you understand it.

And thanks for the rep, but until you have at least 11 points yourself, it doesn't actually 'add' to (or subtract from) anyone's score, but they do know you appreciated the help :)

Also, once you give it to one person, you have to 'spread it around,' meaning you have to give it to at least five other people before you can give it to the same person again.

dlh6213 27 Posting Maven Team Colleague

Better, but not clean quite yet. Try running HSRemove again (be sure to update it first), and then have HJT fix these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ubjov.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ubjov.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ubjov.dll/sp.html#55135
R3 - Default URLSearchHook is missing
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fίδ#·ΊΔΦ`I) - Unknown owner - C:\WINDOWS\mfcfc.exe (file missing)
And, if these IP addresses, 213.249.17.11 & 213.249.17.10 are not related to your ISP, have HJT fix this line as well --
O17 - HKLM\System\CCS\Services\Tcpip\..\{207A6AA2-E520-4613-B81F-BD4BD85E06C7}: NameServer = 213.249.17.11 213.249.17.10

Be sure all windows are closed when you hit Fix checked.

Again, go to these locations and delete the highlighted files:

C:\WINDOWS\system32\ubjov.dll
C:\WINDOWS\mfcfc.exe

If they come back again we'll have to try something else.

Reboot, close any open browser windows, scan with HJT, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Glad we could help, but could you post a new log to make sure everything is as it should be?

dlh6213 27 Posting Maven Team Colleague

Scan with hijackthis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ubjov.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ubjov.dll/sp.html#55135
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ubjov.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ubjov.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ubjov.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ubjov.dll/sp.html#55135
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {763B83B8-1A6B-61BB-A43E-8A426D1F77FC} - C:\WINDOWS\system32\apizl.dll
O4 - HKLM\..\RunOnce: [mfcfc.exe] C:\WINDOWS\mfcfc.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fίδ#·ΊΔΦ`I) - Unknown owner - C:\WINDOWS\mfcfc.exe

Go to the following locations and delete the highlighted files:

C:\WINDOWS\system32\apizl.dll
C:\WINDOWS\mfcfc.exe
C:\WINDOWS\system32\ubjov.dll

Reboot, close any open browser windows, scan with HJT, post a new log, and let us know if you're still having problems.
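
A triage pass over a HijackThis log that applies the checks used in the posts above: IE search or start pages served from a `res://` DLL or reset to about:blank, a svchost.exe or rundll32.exe sitting outside the system folder, O23 services with an unknown owner, and O17 name servers to confirm with the ISP. This is an added example, not part of any forum post and not HijackThis code; the sample log is constructed, with placeholder file names and documentation-range IP addresses.

```python
"""Triage pass over a HijackThis log (added example, not HijackThis code)."""
import ntpath  # Windows path rules on any host OS
import re
from collections import namedtuple

Finding = namedtuple("Finding", "code line reasons")

# A HijackThis entry looks like "O4 - HKLM\..\Run: [name] C:\path\file.exe".
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"/,=]*?\.(?:exe|dll)', re.IGNORECASE)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Names the posts single out: legitimate only inside a system folder
# (system32 on XP, System on Windows Me).
GUARDED_NAMES = {"svchost.exe", "rundll32.exe"}
SYSTEM_DIRS = {"system32", "system"}

# Constructed sample in HijackThis format; names and addresses are placeholders.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\example.dll/sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O4 - HKLM\..\Run: [wnddrv] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [Example] C:\WINDOWS\system32\svchost.exe -k example
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.11 192.0.2.10
O23 - Service: Example Helper (examplesvc) - Unknown owner - C:\WINDOWS\example.exe (file missing)
"""


def triage(log_text):
    """Return a Finding for every log entry that deserves a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = LINE_RE.match(line)
        if not match:
            continue  # header, running-process list, blank lines
        code, body = match.group("code"), match.group("body")
        value = body.split(" = ", 1)[1].strip() if " = " in body else ""
        reasons = []

        # R0/R1: Internet Explorer start and search pages.
        if code in ("R0", "R1"):
            if value.lower().startswith("res://"):
                reasons.append("IE page served from a local DLL resource")
            elif value.lower() == "about:blank":
                reasons.append("IE page set to about:blank; confirm it was the user's choice")

        # O17: DNS servers; the helper asks the user to confirm them with the ISP.
        if code == "O17" and "NameServer" in body:
            servers = ", ".join(IP_RE.findall(value))
            reasons.append("name servers to confirm with ISP: " + servers)

        # O23: services; an unknown owner is what the posts act on.
        if code == "O23" and "Unknown owner" in body:
            reasons.append("service with unknown owner")
            if "(file missing)" in body:
                reasons.append("service binary reported missing on disk")

        # Any entry: a guarded system binary name outside a system folder.
        for path in PATH_RE.findall(body):
            name = ntpath.basename(path).lower()
            parent = ntpath.basename(ntpath.dirname(path)).lower()
            if name in GUARDED_NAMES and parent not in SYSTEM_DIRS:
                reasons.append(name + " found outside the system folder: " + path)

        if reasons:
            findings.append(Finding(code, line, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.code, "|", "; ".join(finding.reasons))
        print("    ", finding.line)
```

The output is a list of entries to review, not a verdict; as in the thread, the O17 and about:blank results still need the owner of the machine to say whether the setting is theirs.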

dlh6213 27 Posting Maven Team Colleague

Hi paranoid, welcome to DaniWeb :D

"I tried EVERYTHING" isn't very specific :) Do any of the following that you haven't done already...

First of all, run a couple of these free online anti-virus/anti-spyware scans and have them clean what they can:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php

Download, install, update, and run these tools:

CWShredder -- http://www.intermute.com/spysubtract/cwshredder_download.html
about:Buster -- http://www.majorgeeks.com/download4289.html
HSRemove -- http://www.majorgeeks.com/download4286.html
PurityScan uninstaller -- http://www.purityscan.com/uninstall.html

You shouldn't run hijackthis directly from your hard drive, it should be in its own folder (like c:\HJT\hijackthis.exe).

After you've moved it into a folder, reboot, close any open browser windows, scan with HijackThis, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Hi dave2U, welcome to DaniWeb :D

See if this thread helps at all (post #4 in particular).

dlh6213 27 Posting Maven Team Colleague

Hi Kollin, sorry for the delay in responding to this. I can't really help much with the problem other than to suggest this:
http://www.microsoft.com/windows2000/en/advanced/help/default.asp?url=/windows2000/en/advanced/help/boot_last_good.htm

dlh6213 27 Posting Maven Team Colleague

Hi edallin, welcome to DaniWeb :D

Sorry this got overlooked, it's been pretty busy here lately. :(

If you're still having problems, try IEFix:
http://windowsxp.mvps.org/utils/IEFix.zip

And then post a new hijackthis log please.

dlh6213 27 Posting Maven Team Colleague

how can i give u negative reputation...

and also in forums u people talk about reputation...can u explain how it's given actually........

If you go to the Control Panel tab, you will see your Reputation score in there. You start with 10 when you join and it goes up (or down) from there.

To use it, you click on the Rate Post box at the top of each post.

This thread can probably answer most of your questions about it:

http://www.daniweb.com/techtalkforums/thread20966-reputation.html

dlh6213 27 Posting Maven Team Colleague

Run the PurityScan uninstaller:
http://www.purityscan.com/uninstall.html

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

Note: if any of these temporary files cannot be deleted while in ‘normal mode,’ try Safe Mode.

Empty your Recycle Bin.

Reboot into Safe Mode.

Go to the following locations and delete the highlighted files:

D:\WINDOWS\system32\d3vv.exe

D:\WINDOWS\jzvvx.dll

Reboot normally, close any open browser windows, scan with hijackthis, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Hi blackcat, welcome to DaniWeb :D

I've split your post into its own thread per the site rules, "Every question or new thought should have its own thread. Replies to a previous post should be thread replies to that particular thread. Do not piggyback threads by posting your question as a reply to another question," found here: http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq

First of all, boot into Safe Mode and do a search for these files and delete any instances found (be sure your system is set up to show Hidden files and folders):

param32.dll
guninst.exe
popup_bl.dll
systr.dll
svrhost.exe

If any could not be deleted, (most likely param32.dll), run Pocket Killbox and paste the full file path of file in the box and click on Delete on Reboot. Click on the button with the red circle and an X in the middle; you will get a message saying File will be deleted on next reboot, Process and Reboot now?, Click Yes to reboot (normally). Note: the 'file path' will be something like C:\WINDOWS\System32\param32.dll

Delete any icons from your desktop that you didn't put there yourself and empty your Recycle Bin.

Close any open browser windows, 'Scan and Save Log' with hijackthis, copy and paste the log in this thread please. Let us know if you found any of the files mentioned.

dlh6213 27 Posting Maven Team Colleague

Hi verachion, welcome to DaniWeb :D

Besides the DAP, you have a few other things that should be cleaned up, but before you fix anything with HijackThis, you should put it into its own folder. You can do this by right-clicking in an open area of your desktop, select New, and then Folder. Give the new folder a name (like HJT or HijackThis), and then drag the hijackthis.exe icon that is on your desktop into this new folder. After you've moved it, please post a new log.

Have you tried to remove DAP using Add/Remove Programs yet?

One more thing before you post a new log --

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

Note: if any of these temporary files cannot be deleted while in ‘normal mode,’ try Safe Mode.

Empty your Recycle Bin.

dlh6213 27 Posting Maven Team Colleague

Hi joe_sausage, welcome to DaniWeb :D

Can you post the log from after you deleted the F2 entry?

I don't really see anything in your log other than to make sure the IP address in the R0 and O17 entries are from your ISP.

dlh6213 27 Posting Maven Team Colleague

Hi Maynd, welcome to DaniWeb :D

If you haven't done so already, follow these instructions as well (be sure your system is set to show Hidden files and folders first) --

Get the Pocket Killbox from here:
http://bleepingcomputer.com/files/spyware/KillBox.zip

Unzip the file to your desktop.

Go offline until this is completed (you may wish to print these instructions).

Boot into Safe Mode and do a search for these files and delete any instances found:

param32.dll
guninst.exe
popup_bl.dll
systr.dll
svrhost.exe

If any could not be deleted, (most likely param32.dll), run Pocket Killbox and paste the full file path of file in the box and click on Delete on Reboot. Click on the button with the red circle and an X in the middle; you will get a message saying File will be deleted on next reboot, Process and Reboot now?, Click Yes to reboot (normally). Note: the 'file path' will be something like C:\WINDOWS\System32\param32.dll

After you reboot, delete any icons from your desktop that you did not put there yourself and empty your recycle bin.

dlh6213 27 Posting Maven Team Colleague

You do have your system set to show Hidden files and folders, don't you?

Scan with HJT and have it fix this entry:
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipba.exe (file missing)

Then go to C:\WINDOWS\system32 and delete ipba.exe

Try a 'release & renew' --

Go to Start, Run, type in cmd, click OK.

When the new window comes up, type in ipconfig /release

Wait a moment for it to do that, then type in ipconfig /renew

This may take a few moments; when it's done, type in ipconfig /all and post the results here.

You can also try IEFix from here (though I doubt it's the problem since your other browser doesn't work either):
http://www.majorgeeks.com/download4467.html

And Winsockfix from here:
http://www.digitalminds.net/index.pl/downloads

dlh6213 27 Posting Maven Team Colleague

Thank you very much for your help :)

You're welcome :); enjoy the rest of the site -- happy computing!

dlh6213 27 Posting Maven Team Colleague

Hmmm, updates for Win98 or IE shouldn't have caused a crash :(

Sorry it didn't work out the way you intended, but, since you can afford it, you will probably be happier with a new system anyway :)

Here's some tips/advice for your *new* computer:
http://www.daniweb.com/techtalkforums/thread16365.html

Happy computing!

dlh6213 27 Posting Maven Team Colleague

Hi dragos, welcome to DaniWeb :D

I've split your post into its own thread so the fixes don't get confused.

Scan with hijackthis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R3 - Default URLSearchHook is missing
If these IP addresses are not related to your ISP, have HJT fix the related R1 entries also -- 80.96.19.1, 81.181.30, and 81.181.31.
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsysmgr.exe (file missing)

Be sure to close any open windows, other than hijackthis, before hitting Fix checked.

Go to the following locations and delete the highlighted files:

C:\WINDOWS\web\related.htm
C:\WINDOWS\System32\libsysmgr.exe

Reboot; if the problem still exists, try this:

Put your XP CD into your CD drive.

Click Start, Run, and type SFC /SCANNOW into the box (note the space before the /), and then click OK.

Close any open browser windows, scan with hijackthis, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Hi paraque_1, welcome to DaniWeb :D

Try this...

Scan with hijackthis and have it fix the following entries:

O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\ie2cltr.dll
O16 - DPF: {11212111-2121-1311-1141-115611111222} - ms-its:mhtml:file://d: oo.mht!http://195.95.218.82/users/zoom/web...hm::/update.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (ウイルスバスター On-Line Scan) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

If these IP addresses are not related to your ISP, have hijackthis fix all the O17 entries as well -- 69.50.176.198 and 195.225.176.153

Close any open windows, other than hijackthis, before hitting Fix checked.

Go to C:\WINDOWS\System32 and delete ie2cltr.dll

Reboot, close any open browser windows, scan with hijackthis, and post a new log please. Let us know if you still have it.

dlh6213 27 Posting Maven Team Colleague

Hi spiffymallethea, welcome to DaniWeb :D

I don't see Spybot or SpywareBlaster in your list; you should have those.

Google is your best bet for researching stuff... better than a dictionary! :)

If you like, you can post your HijackThis log here and we can have a look at it.

dlh6213 27 Posting Maven Team Colleague

Glad to hear it :)

You should post another HJT log just to make sure.

dlh6213 27 Posting Maven Team Colleague

Any other ideas?

I'm afraid I don't at the moment; I'll see if I can find out anything. Maybe someone else here will have some suggestions.

dlh6213 27 Posting Maven Team Colleague

Looks okay to me :)

dlh6213 27 Posting Maven Team Colleague

ok. i did everything you said again. i THINK it might have worked this time. the same files did not come back up in HJT. :)

I think you might be right :)

I don't see anything else in your log; let us know if you have any more problems. And don't forget to consider disabling CTHelper.

dlh6213 27 Posting Maven Team Colleague

Hi SkyMarshall, welcome to DaniWeb :D

Download Ewido Security Suite from here:
http://fileforum.betanews.com/detail/ewido_security_suite/1098736486/1

Install it, and while installing, under Additional Options, uncheck Install background guard and Install scan via context menu.

From the main Ewido screen, click on Update in the left menu, and then click the Start update button. After the update finishes (the status bar at the bottom will display Update successful).
If you have problems updating see here: http://www.ewido.net/en/download/updates/

Close the program (don't scan yet).

Download Nailfix from here:
http://users.pandora.be/bluepatchy/nailfix.zip
Unzip it to your desktop, but do not run it yet.

Reboot into Safe Mode

Double-click on the Nailfix.bat on your desktop. Your desktop and icons will disappear and reappear, and a window should open and close very quickly -- this is normal.

Then run a full system scan with Ewido (you will be posting the log from this scan later when back in normal mode). Note -- When you run Ewido for the first time, you will get a warning Database could not be found!, click OK when you do.

Reboot normally

Go to Add/Remove Programs in your Control Panel and remove (if found):

WebSpecials

Scan with hijackthis and have it fix the following entries:

O4 - HKLM\..\Run: [WebSpecials] rundll32 "C:\Program Files\WebSpecials\webspec.dll",run
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitejso32.exe
O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\system32\norway.exe -N
O4 - HKLM\..\Run: [firlnin] C:\Documents and Settings\SkyMarshall\Lokale …