dlh6213 27 Posting Maven Team Colleague

Hi masclez, welcome to DaniWeb :D

You first need to help protect your computer by getting the Windows Updates (not SP2 yet), and do some basic cleanup. Instructions for all of this can be found in the links below (if you need help with any of the instructions, feel free to ask).

When you've finished, close any open browser windows, scan with HijackThis, and post a new log please, and we'll help you clean up anything that's still remaining.

dlh6213 27 Posting Maven Team Colleague

That's quite a list! Please start by following the recommendations and instructions in the links below to protect and begin the cleanup process. Before fixing anything with HijackThis, it needs to be in a permanent folder (instructions can be found in the HijackThis link). While in the HijackThis thread, you may be able to clean up a few things yourself.

After you finish, reboot into Safe Mode.

Do a complete system scan with Ewido (note: you will be posting the log from this scan with your next reply).

Reboot normally, close any open browser windows, scan with HJT, and post a new log along with the Ewido log.

dlh6213 27 Posting Maven Team Colleague

if i post hijack this will someone be able to help me get rid of it?

That would be the best thing to do at this point. There is a link to download it in the Infection link below.

dlh6213 27 Posting Maven Team Colleague

See this bulletin from Microsoft for complete details:

http://www.microsoft.com/technet/security/advisory/912920.mspx

dlh6213 27 Posting Maven Team Colleague

Hi bulldawgs, welcome to DaniWeb :D

Please follow the instructions in the Cleanup link below.

Reboot into Safe Mode.

Do a search for the following and delete any instances found:

msdirectx.sys
xz.bat

Empty your Recycle Bin.

Do a full system scan with Ewido, allowing it to fix whatever it finds. Note: you will be posting the log from this scan with your next reply.

Reboot normally, close any open browser windows, scan with HJT, and post a new log along with the Ewido log.

dlh6213 27 Posting Maven Team Colleague

Hi JSRFkincade, welcome to DaniWeb :D

Please read and follow the removal instructions found here:
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ee.html

If you have any trouble with, or questions about, any of this, please feel free to ask for additional assistance.

dlh6213 27 Posting Maven Team Colleague

Hi Wolty, welcome to DaniWeb :D

Please follow the instructions in the HijackThis link below for assistance with putting HijackThis in a permanent folder.

After that, you can have HJT fix this entry:
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

You should then have a look through the other two links to help protect your system and keep it clean.

dlh6213 27 Posting Maven Team Colleague

Hi sueshi9, welcome to DaniWeb :D

Please follow the suggestions and instructions in the links below.

When you get to the Cleanup thread, download Ewido.

Reboot into Safe Mode and do a complete system scan with Ewido, allowing it to fix whatever it finds. Note: you will be posting the log with your next reply.

Reboot normally, close any open browser windows, scan with HJT, and post a new log along with the Ewido log.

dlh6213 27 Posting Maven Team Colleague

Hi DinoDash, welcome to DaniWeb :D

Try the following fixes...

Winsockfix (if your OS is XP) -- http://www.stevewolfonline.com/Downloads/DMR/Spyware%20Tools/WinsockXPFix/WinsockXPFix.exe

If it still doesn't work, try IEFix -- http://windowsxp.mvps.org/IEFIX.htm

And, if you're still having problems after that, try downloading an alternate browser (such as Opera or Firefox); this will help determine if the problem is with IE or elsewhere.

dlh6213 27 Posting Maven Team Colleague

Hi darkline, welcome to DaniWeb :D

Please follow the instructions and recommendations in the links below. When you get to the Infection Removal thread, please follow the instructions in post #6.

When you've finished, close any open browser windows, scan with HJT, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Go to Add/Remove Programs in your Control Panel and remove Viewpoint (or Viewpoint Toolbar, or something similar).

Scan with HijackThis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

Close any open windows, other than HijackThis, and hit Fix Checked.

Go to C:\Program Files and delete the Viewpoint folder.

Empty your Recycle Bin.

Empty all of the temporary folders and delete all temporary files as explained in the 'Cleanup' link below.

Reboot into Safe Mode and do a full system scan with Ewido, allowing it to fix whatever it finds. (Note: …

dlh6213 27 Posting Maven Team Colleague

Please follow the instructions in post #11 of this thread:
http://www.daniweb.com/techtalkforums/thread28196.html

Then go to one of the .manifest files, right click on it, and give us whatever information you can on it (Company, version, etc.).

Close any open browser windows, scan with HJT, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Looking better :)

Go to Add or Remove Programs in your Control Panel and remove WildTangent (if present).

Scan with HJT and have it fix:

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtangent.com/webdrive...ave/Install.cab

Do you want to have PartyPoker on your system? If not, do the following as well:

Go to Add/Remove Programs and remove PartyPoker (if present)

Scan with HJT and have it fix the following entries:

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe

Be sure to close any open windows, other than HijackThis, before hitting Fix checked.

Go to C:\Program Files and delete PartyPoker.net (or PartyPoker)

Empty your Recycle Bin and reboot.

Let us know if you have any more problems.

dlh6213 27 Posting Maven Team Colleague

Hi Tomac_1, welcome to DaniWeb :D

You have quite a bit of cleaning needed there; please start by following the recommendations and instructions in the links below.

When you get to the Specific Infection thread, get the latest version of HijackThis and make sure it is installed in a permanent folder (instead of a Temp as it is now), and then go to post #4 -- the instructions there should get rid of that virus.

When you've finished, close any open browser windows, scan with HijackThis, and post a new log to clean up any remaining items.

dlh6213 27 Posting Maven Team Colleague

Sorry for the delay in responding to this, I've been pretty busy myself.

Are you still having problems? I don't see anything else in your log, but you may wish to consider disabling CTHELPER.EXE -- quote from sysinfo:
"CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative’s sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need it."

dlh6213 27 Posting Maven Team Colleague

the pokapoka doesn't appear these days so i think i don't have to worry about those heh?

It's up to you, but it couldn't hurt to post a HijackThis log in the Virus forum for review -- just to make sure.

dlh6213 27 Posting Maven Team Colleague

After you follow those instructions, go to post #14 of this thread --
http://www.daniweb.com/techtalkforums/thread28196.html
to remove yupsearch (pokapoka); then post your HijackThis log. Make sure you post the HijackThis log in the Virus forum (not in this thread).

dlh6213 27 Posting Maven Team Colleague

Hi Bunny,

You have quite a few problems with your computer, but you should be able to get it cleaned up without reinstalling your Operating System.

Follow the suggestions and instructions in the links below to begin the process, and then post a HijackThis log in the Virus forum.

That said, you should still have backups of all the important things you wish to keep -- sooner or later your hard drive will fail or something else will happen that will cause you to lose some or all of what you have.

You can burn the data onto CDs, which has already been advised, or you can get a USB flash drive (or several if necessary); they aren't too expensive, but I guess it depends on how important the stuff is to you.

dlh6213 27 Posting Maven Team Colleague

Hi Carol,

Have you tried another browser yet? You can get Firefox from here:
http://www.mozilla.org/products/firefox/

Let us know whether or not you have the same problems with a different browser.

dlh6213 27 Posting Maven Team Colleague

Reboot into Safe Mode and run HiJackThis (don't scan yet, just open it).

Click the "Open the Misc Tools Section" button
Then click the "Open Process manager" button

Next, while holding down the CTRL key, locate and click on (highlight) any instances of C:\WINDOWS\msinit.exe (if present)

Double-check and make sure that only C:\WINDOWS\msinit.exe is highlighted, and then click "Kill process." Now, click "Refresh," check again, and repeat this step if any remain.

With HiJackThis still open, click "Scan", then check the following, if present:

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: msinit (Microsoft Scheduling Agent) - Unknown owner - C:\WINDOWS\msinit.exe

Close any open windows, other than HiJackThis, and click "Fix checked."

Go to the following locations and delete the following files (if present):

C:\WINDOWS\web\related.htm
C:\WINDOWS\msinit.exe

Empty your Recycle Bin and reboot normally.

Close any open browser windows, scan with hijackthis, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Hi Heidi,

Please follow the instructions in posts #8 and then, if necessary, #4 of this thread --

http://www.daniweb.com/techtalkforums/thread28196.html

When you've finished, please post a new HJT log and let us know if you still have the problem.

dlh6213 27 Posting Maven Team Colleague

Reboot into Safe Mode.

Do a complete system scan with Ewido, allowing it to fix whatever it finds. Note: you will be posting the log from this scan with your next reply.

Reboot normally, close any open browser windows, scan with HJT, and post a new log along with the Ewido log.

dlh6213 27 Posting Maven Team Colleague

I agree with Rueful Rogue, I think you would get a better response if more people knew about it. What about a PM or email to all the members?

dlh6213 27 Posting Maven Team Colleague

Post your HijackThis log and we'll have a look.

dlh6213 27 Posting Maven Team Colleague

Hi Fastlad, welcome to DaniWeb :D

Please start by following the recommendations and instructions in the links in my signature block below. Then, as Dani said, post a HijackThis log here in this thread and we'll help you clean up whatever is left.

By the way, it may sometimes be several hours before you get a response; although we try to be, there's not always someone here 24 hours a day. I know you're anxious to get your computer running properly, but please try to be patient and we'll reply as soon as possible. If a day goes by with no response, then go ahead and 'bump' your thread to remind us that it's still active.

dlh6213 27 Posting Maven Team Colleague

Try posts #8 and #4 in this thread and let us know the results --
http://www.daniweb.com/techtalkforums/thread28196.html

dlh6213 27 Posting Maven Team Colleague

Sounds good! You're welcome :)

dlh6213 27 Posting Maven Team Colleague

Hi jookboksnmbr3, welcome to DaniWeb :D

Please follow the advice and instructions in the links below to help prevent further infections and begin the cleanup process.

Right-click in an open area of your desktop, select New, Folder; give the new folder a name (something like HJT or HijackThis would be good), and then drag the hijackthis.exe icon that is on your desktop into this new folder.

After you've done the above, close any open browser windows, scan with HJT, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Well, it looks like Ewido cleaned up quite a bit of junk there. Be sure to keep your Temporary folders, Cookies, etc. cleaned up; you can find help doing this in the Cleanup link below.

Crunchie pointed out something that I've been overlooking in your HJT logs, so you should scan with HJT and have it fix, if present:

O4 - HKLM\..\Run: [MyVBApp] C:\iexplorer.exe
(It's spyware, but Ewido may have fixed it already)

Set a System Restore Point.

Then go to C: and delete iexplorer.exe. MAKE SURE you delete iexplorer.exe, and NOT iexplore.exe (note the extra 'r').

Empty your Recycle Bin and reboot.

You should be okay now; let us know if you're still having problems.
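
An added example, not part of the original post and not HijackThis's own code: a small Python triage pass over HijackThis-style log lines that flags orphaned entries such as `(no file)` and autostart names that nearly match a genuine Windows binary, as with `iexplorer.exe` versus `iexplore.exe` above. The sample log is constructed from lines quoted on this page; the `KNOWN_GOOD` list, the distance threshold of 2 and the function names are assumptions for illustration.

```python
import re

# What each section code in the log lines quoted on this page refers to.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart entry", "O8": "IE context-menu item",
    "O9": "IE extra button / Tools item", "O14": "IERESET.INF setting",
    "O16": "downloaded ActiveX control", "O23": "NT service",
}
# Assumption: a short illustrative list of genuine Windows binary names.
KNOWN_GOOD = ("iexplore.exe", "explorer.exe", "svchost.exe",
              "winlogon.exe", "services.exe")

LINE_RE = re.compile(r"^(R\d|O\d{1,2}) - (.+)$")
# First file name ending in .exe, without its directory part.
EXE_RE = re.compile(r'([^\\/"\s:]+\.exe)', re.IGNORECASE)


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(log_text):
    """Return (code, section, body, reasons) for lines worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        reasons = []
        # The entry points at a file that no longer exists.
        if body.endswith("(no file)") or "(file missing)" in body:
            reasons.append("orphaned: target file is gone")
        # Autostart or service whose name is a near miss of a real binary.
        exe = EXE_RE.search(body)
        if code in ("O4", "O23") and exe:
            name = exe.group(1).lower()
            for good in KNOWN_GOOD:
                if name != good and edit_distance(name, good) <= 2:
                    reasons.append(f"name resembles {good}")
                    break
        if reasons:
            findings.append((code, SECTIONS.get(code, "unknown"), body, reasons))
    return findings


# Constructed sample, assembled from log lines quoted in the posts on this page.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [MyVBApp] C:\iexplorer.exe
O4 - HKLM\..\Run: [] winlog.exe
O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O23 - Service: msinit (Microsoft Scheduling Agent) - Unknown owner - C:\WINDOWS\msinit.exe
"""

if __name__ == "__main__":
    for code, kind, body, reasons in triage(SAMPLE_LOG):
        print(f"{code} [{kind}] {'; '.join(reasons)}\n    {body}")
```

A name check like this only catches lookalikes; entries such as `seeve.exe` and `msinit.exe` pass it and still need a reviewer or a scanner.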

dlh6213 27 Posting Maven Team Colleague

Please follow the recommendations and instructions in the links below to properly protect your system, and to begin the cleanup process.

When you've finished, please post a new log so we can help you remove anything remaining.

dlh6213 27 Posting Maven Team Colleague

Download and run Silent Runners.vbs -- http://www.silentrunners.org/. Post the information from the log it generates in your next reply.

Download Ewido --
http://www.download.com/Ewido-Security-Suite/3000-8022_4-10326287.html?tag=lst-0-1

Boot into Safe Mode and do a full system scan with Ewido, allowing it to fix whatever it finds. Post the Ewido log with your next reply.

Reboot normally and post the Silent Runners and Ewido logs please.

dlh6213 27 Posting Maven Team Colleague

Hi Dreg, welcome to DaniWeb :D

Please go to Add/Remove Programs in your Control Panel and remove the following, if present:

Jwskvt
winupdates
winsupdater
WinFixer_2005
WeatherBug (or AWS)

Then go to post #14 in this thread for instructions on removing yupsearch:
http://www.daniweb.com/techtalkforums/thread28196.html

When you scan with HijackThis, have it fix these entries in addition to the yupsearch instructions:

O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
O4 - HKLM\..\Run: [Kmbeeo] C:\Program Files\Jwskvt\Utrd.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [] winlog.exe
O4 - HKLM\..\RunServices: [] winlog.exe
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer_2005\uwfx5.exe" /scan
O4 - Startup: mov06[1].exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop

Close any open windows, other than HijackThis, and hit Fix checked.

Go to the following locations and delete the highlighted files and folders:

C:\WINDOWS\seeve.exe
C:\Program Files\Jwskvt

C:\Program Files\winupdates
C:\Program Files\winsupdater
C:\Program Files\WinFixer_2005
C:\Program Files\AWS

Do a search for the following files and delete any instances found:

winlog.exe
mov06[1].exe

If any of these cannot be deleted, try booting into Safe Mode first.

Empty your Recycle Bin and reboot (normally).

Do you know what this file is for?
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000140.exe
If not, right-click on it, go …

dlh6213 27 Posting Maven Team Colleague

I doubt if it's related to ebay; a lot of people use it, myself included, without any problems.

Try downloading a different browser, such as Opera or Firefox and see if you have the same problem. This will help determine if the problem is with IE or elsewhere within your system.

dlh6213 27 Posting Maven Team Colleague

You're right about that link, it doesn't work for me either, though I'm not sure why. But it doesn't really matter; you apparently had a different problem anyway.

You can have HJT fix this entry:
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

dlh6213 27 Posting Maven Team Colleague

Still looks good.

dlh6213 27 Posting Maven Team Colleague

I don't see anything else in your log.

You might want to try uninstalling and reinstalling your firewall.

And you can try an in-place upgrade (aka repair installation) to possibly resolve the other problem; instructions can be found here:

http://support.microsoft.com/default.aspx?scid=kb;en-us;315341&Product=winxp

dlh6213 27 Posting Maven Team Colleague

Glad you were able to get it fixed :)

dlh6213 27 Posting Maven Team Colleague

Hi Whitedove, sorry for the delay in replying to this; I answered it the other day, but apparently there was a problem with the server and it got lost in cyberspace.

Try right-clicking in an open area of your desktop and select New, Folder; give the new folder a name (something like HJT or HijackThis would be good), and then drag the hijackthis.exe icon that is on your desktop into this new folder.

Scan again and see if it looks like it should (per the examples you viewed previously).

If it still isn't right, you can get a self-extracting version of HijackThis from here (in line 2) that should put it in your Program Files folder:
http://www.malwareremoval.com/downloads.html

Post a new log once you get HJT moved.

dlh6213 27 Posting Maven Team Colleague

What happens when you try to remove it?

Try this:

Reboot into Safe Mode

Go to Add/Remove Programs and try again to remove NavExcel.

Whether it works or not, then go to C:\Program Files and delete the NavExcel folder.

Still in Safe Mode, do a search for both NavExcel and NavHelper, and delete any instances found.

Empty your Recycle Bin and reboot normally.

Check the Add/Remove Programs to see if it's gone and let us know.

dlh6213 27 Posting Maven Team Colleague

I don't see any signs of navexcel in your log, but to remove it, go to Add/Remove Programs in your Control Panel, select 'NavHelper' (if present), and click 'Remove'.

Have HJT fix:

O2 - BHO: (no name) - {41A71D94-FC13-469A-943C-ABA9876B0D04} - C:\WINDOWS\system32\iutengine.dll

Go to C:\WINDOWS\system32 and delete iutengine.dll

Empty your Recycle Bin and reboot. Post a new log and let us know if there is any improvement.

dlh6213 27 Posting Maven Team Colleague

Hi Diane, I have a few suggestions; hopefully one of them will help.

1. If you have more than one antivirus program installed, that could be causing the problem; decide which one you prefer and uninstall the other.

2. Try using System Restore to return your system to a time before you started having trouble.

3. If that still doesn't work, you can try an in-place upgrade (aka repair installation) for XP; instructions can be found here:

http://support.microsoft.com/default.aspx?scid=kb;en-us;315341&Product=winxp

Just a little HijackThis cleanup, but first, right-click in an open area of your desktop and select New, Folder; give the new folder a name (something like HJT or HijackThis would be good), and then drag the hijackthis.exe icon that is on your desktop into this new folder.

Scan with HijackThis and have it fix all of the O16 entries:

O16 - DPF: BBS - http://ace.apexlearning.com/Live/ja...ses/BBS/BBS.cab
O16 - DPF: ChatSpace Full Java Client 3.1.0.218 - http://64.85.20.252/Java/cfs31218.cab
O16 - DPF: ChatSpace Java Client 2.1.0.90 - http://64.85.20.108:8148/Java/cs4ms090.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.8....r-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet/wh...n-ob-assets.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1DD81666-F3AD-11D3-BA86-00500487B4EC} (WonSearchX Control) - http://www.investors.com/member/ocx/WonSearchX.ocx
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) …

dlh6213 27 Posting Maven Team Colleague

Only seven 'yes' votes so far? I don't think the word is getting out well enough. Maybe it would help to put it in the 'Featured Threads.'

I would think most of the moderators should try to attend. As far as I know, I should be able to make it :D.

dlh6213 27 Posting Maven Team Colleague

her stomach like

dlh6213 27 Posting Maven Team Colleague

Yesterday I made several posts (about 6) but today they are gone. I also noticed at least a few posts that Crunchie made are now gone as well. What happened to them and is there any chance of getting them back? :confused:

dlh6213 27 Posting Maven Team Colleague

Looks good to me :)

dlh6213 27 Posting Maven Team Colleague

If you continue to have problems, try WinsockXPFix.

Run it, and click the Fix button; choose YES when asked if you want to proceed.

If it still doesn't work, try IEFix -- http://windowsxp.mvps.org/IEFIX.htm

dlh6213 27 Posting Maven Team Colleague

I've seen this type of behavior from a virus before (one example here -- http://www.daniweb.com/techtalkforums/thread30990.html), so we should try to determine if that is the problem first by scanning with HijackThis and posting the log.

Don't reboot your system until instructed to do so.

dlh6213 27 Posting Maven Team Colleague

Hi WhiteDove, welcome to DaniWeb :D

Please review the last link below for help with putting HijackThis in a safe folder (instead of a Temp folder), and for suggestions on some things you can clean up on your own.

While in that thread, go to post #14 for help removing Yupsearch.

After you get HijackThis moved to its own permanent folder, please post a new log.