dlh6213 27 Posting Maven Team Colleague

As a precaution, I suggest you boot into Safe Mode and do a search for these files and delete any instances found:

param32.dll
guninst.exe
popup_bl.dll
systr.dll
svrhost.exe

If any could not be deleted -- most likely param32.dll -- run Pocket Killbox
(http://bleepingcomputer.com/files/spyware/KillBox.zip) and paste the full file path of the file in the box and click on Delete on Reboot. Click on the button with the red circle and an X in the middle; you will get a message saying File will be deleted on next reboot, Process and Reboot now?, click Yes to reboot. (Note: the 'file path' will be something like C:\WINDOWS\System32\param32.dll)

dlh6213 27 Posting Maven Team Colleague

That last scan looks incomplete, so this is in response to the one prior to it.

Scan with HJT and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
F2 - REG:system.ini: Shell=Explorer.exe F:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - F:\WINDOWS\systb.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Win Server Updt] F:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [rreblo] f:\windows\system32\jyniwsv.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/asset...ALStreaming.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/s...90/mcinsctl.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://gamesoduser.comcast.net/classes/ExentCtl.ocx
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/s...,23/mcgdmgr.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuit.../ITDetector.cab
O16 - DPF: …

dlh6213 27 Posting Maven Team Colleague

Go to Add/Remove Programs in your Control Panel and remove any of the following found:

Browser Enhancer
Home Help Assistant
Search Extender
Shopping Wizard
Ultimate Browser Enhancer
Window Search
Window Searching

You may be given a code to insert, do so and reboot when done.

Scan with hijackthis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\kyhdq.dll/sp.html#89411
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kyhdq.dll/sp.html#89411
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\kyhdq.dll/sp.html#89411
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\kyhdq.dll/sp.html#89411
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kyhdq.dll/sp.html#89411
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\kyhdq.dll/sp.html#89411
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {2CD010E8-0B89-0B57-0309-03493BE208A3} - C:\WINDOWS\system32\iejp.dll
O4 - HKLM\..\Run: [appmt32.exe] C:\WINDOWS\appmt32.exe
O4 - HKLM\..\RunOnce: [ntyi32.exe] C:\WINDOWS\ntyi32.exe
O4 - HKLM\..\RunOnce: [sdkqv.exe] C:\WINDOWS\sdkqv.exe
O4 - HKLM\..\RunOnce: [mfcvx32.exe] C:\WINDOWS\mfcvx32.exe
O4 - HKLM\..\RunOnce: [apisq.exe] C:\WINDOWS\system32\apisq.exe
O4 - HKLM\..\RunOnce: [nethm.exe] C:\WINDOWS\system32\nethm.exe
O4 - HKLM\..\RunOnce: [winjd32.exe] C:\WINDOWS\winjd32.exe
O4 - HKLM\..\RunOnce: [sysqp.exe] C:\WINDOWS\sysqp.exe
O4 - HKLM\..\RunOnce: [javaws32.exe] C:\WINDOWS\javaws32.exe
O4 - HKLM\..\RunOnce: [msjs32.exe] C:\WINDOWS\msjs32.exe
O4 - HKLM\..\RunOnce: [ippu.exe] C:\WINDOWS\ippu.exe
O4 - HKLM\..\RunOnce: [crrm.exe] C:\WINDOWS\crrm.exe
O4 - HKLM\..\RunOnce: [netwg32.exe] C:\WINDOWS\netwg32.exe
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ntyi32.exe" /s (file missing)

Be sure all windows are closed prior to hitting Fix checked.

Go to the following locations and delete the highlighted …

dlh6213 27 Posting Maven Team Colleague

Since you have so little time to do this before your system shuts down, I thought I'd post the instructions Catweazle referred to here; if you can print them out on another computer, that would probably help.

You may have to try this several times, as you only have about 20 seconds to do this.

To prevent the shut down, do the following:

Disconnect the computer from the network/Internet connection (disconnect the cable if necessary).

Restart the computer.

As soon as Windows opens and you see the Windows desktop, click Start > Run.

Type: cmd

and press Enter.

Type: shutdown -i

and press Enter.

In the Remote Shutdown Dialog that opens, do the following:

Click Add, type your computer name into the Add Computers dialog box, and then click OK.

In the "Display warning for" field, type: 9999.

Type the following text in the Comment box:

Delay Lsass.exe shutdown.

Click OK.

Reconnect the network/Internet connection.

Connect to the Internet, and get the patch. Then continue with the steps described below.

When you have patched your computer and removed the threat, you can re-enable the 20 second default warning if you wish.

dlh6213 27 Posting Maven Team Colleague

In addition to what DMR has suggested, try to delete hzdll.dll and hoo.dll (you may need to boot into Safe Mode)

Also, do a search for internet.exe and, if found, give us the same info as requested for internat.exe and rundll32.exe.

One more thing you may want to try... do a search by size for any files that are 49577 bytes, and give us the results (unless there's a looong list) -- actually looking for rundll32 and/or internet.exe files this size, but it's possible there could be a new name.

dlh6213 27 Posting Maven Team Colleague

Note: if your clock fails to keep time accurately, it could be an indication that your CMOS battery (the battery on your motherboard) is dying.

dlh6213 27 Posting Maven Team Colleague

You "gurus" out there really let me down this time.

First of all, I'd like to welcome you to DaniWeb :)

But I'd like to know how you can make a statement like this when you never posted anything stating what your problem was or asking for suggestions?

dlh6213 27 Posting Maven Team Colleague

You have HijackThis in a Temp folder (C:\Documents and Settings\Gebruiker\Local Settings\Temp\HijackThis.exe). You need to move HijackThis to its own permanent folder, like c:\HJT\hijackthis.exe.

After you move it to its own permanent folder, please post a new log. :)

dlh6213 27 Posting Maven Team Colleague

Hi Postie, welcome to DaniWeb :D

In addition to what kAtHicKa has suggested, go to Windows Update and get the Critical Updates for your system as soon as possible.

Also, for every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

(Note: if any of these temporary files cannot be deleted while in ‘normal mode,’ try Safe Mode.)

Empty the Recycle Bin.

Reboot, close any open browser windows, scan with HijackThis, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

North of Seattle; you?

dlh6213 27 Posting Maven Team Colleague

Welcome to DaniWeb dcnik :D

Start with this --

Download Ewido Security Suite from here:
http://fileforum.betanews.com/detail/ewido_security_suite/1098736486/1

Install it, and while installing, under Additional Options, uncheck Install background guard and Install scan via context menu.

From the main Ewido screen, click on Update in the left menu, and then click the Start update button. After the update finishes (the status bar at the bottom will display Update successful), close the program (don't scan yet). If you have problems updating see here:
http://www.ewido.net/en/download/updates/

Note -- When you do run Ewido for the first time, you will get a warning Database could not be found!, click OK when you do.

Download Nailfix from here:
http://users.pandora.be/bluepatchy/nailfix.zip
Unzip it to your desktop, but do not run it yet.

Reboot into Safe Mode

Double-click on the Nailfix.bat on your desktop. Your desktop and icons will disappear and reappear, and a window should open and close very quickly -- this is normal.

Then run Ewido, and run a full system scan (you will be posting the log from the scan later when back in normal mode).

Reboot normally

Go to Add/Remove Programs in your Control Panel and remove (if found):

My Way Search Assistant
My Web Search

Before fixing anything with hijackthis, you need to move it out of the Temp folder it is in now to its own permanent folder (like c:\HJT\hijackthis.exe).

After you've …

dlh6213 27 Posting Maven Team Colleague

Hey, I see you're a fellow Washingtonian; not many of us here :)

dlh6213 27 Posting Maven Team Colleague

Hi headtotoe, welcome to DaniWeb :D

You haven't done the most important thing yet :), go to Windows Update and get SP1a for both XP and IE.

Download and run:

HSRemove -- http://www.majorgeeks.com/download4286.html

CWShredder -- http://www.intermute.com/spysubtract/cwshredder_download.html

About:Buster -- http://www.majorgeeks.com/download4289.html

Check for updates before scanning.

Scan with hijackthis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xgarx.dll/sp.html#89411
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xgarx.dll/sp.html#89411
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\xgarx.dll/sp.html#89411
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xgarx.dll/sp.html#89411
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xgarx.dll/sp.html#89411
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xgarx.dll/sp.html#89411
R3 - Default URLSearchHook is missing
O4 - Startup: DLHelperEXE.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://mc.nacs.uci.edu/mcweb/awswax.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...b?1095441821435
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhe...n7/dlhelper.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/m...OCX/FlashAX.cab
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ntyi32.exe" /s (file missing)

Be sure all windows are closed, other than hijackthis, before hitting Fix checked.

Go to the following locations …

dlh6213 27 Posting Maven Team Colleague

I'm not sure what you mean... when you scan with HijackThis, the log comes up as soon as it's finished scanning. Or you can save the log and view it from there, or copy it and paste it here if you would like some help with it.

dlh6213 27 Posting Maven Team Colleague

Thanks!! I will definitely take those precautions. What web browser do you guys hzdll.dll and hoo.dll I've had issues with netscape on a few different machines. It seems to really "crunch" the computer at times.

Anyways, you have been a great help!

Try Firefox and Opera and use the one you prefer :)

dlh6213 27 Posting Maven Team Colleague

First of all you should go to Windows Update and get all the Critical Updates for your system.

Then, get about:Buster from here:
http://www.majorgeeks.com/download4289.html

Unzip it to your desktop, run it, and:

Click Update, and then Check For Update, and Download Update; wait for the updates to be installed.

After the updates have been installed, click Start
(Wait for the initial ADS scan to complete.)

Click Yes to shutdown any IE session currently open when asked
(Wait for the about:blank scan to complete.)

Click OK to scan once more when prompted

Click Yes to shutdown any IE sessions currently open, and then Yes to begin the second pass

Click Save log

Click Exit, and then Exit again

Reboot

Scan with hijackthis and have it fix the following entries:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.freeserve.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.net:8080;ftp=http://www-cache.freeserve.net:8080;gopher=http://www-cache.freeserve.net:8080
O14 - IERESET.INF: SEARCH_PAGE_URL=http://home.microsoft.com/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.net/

Be sure to close all windows, other than hijackthis, before hitting Fix checked.

Reboot, close any open …

dlh6213 27 Posting Maven Team Colleague

Hi,

I have an EXTREMELY STUPID question about HijackThis logs. What exactly are they, how do they work, and is there a decent tutorial on them? Thanks in advance.

Thanks again,
Ian

That's not a stupid question :)

What it is: a utility that shows (most) of the processes running on a computer -- good and bad.

How it works: I haven't a clue :confused:

There are many tutorials on it, just use Google to do a search. I personally like this one the best:
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42
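
Added example, not part of the original post and not HijackThis's own logic: a small Python parser for the `code - body` log lines quoted in the posts on this page, with a few triage hints. The hint rules are illustrative assumptions drawn from patterns visible in those logs, and the function and variable names are hypothetical.

```python
import ipaddress
import ntpath
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Sample lines copied from the HijackThis logs quoted on this page.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\kyhdq.dll/sp.html#89411
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Class - {2CD010E8-0B89-0B57-0309-03493BE208A3} - C:\WINDOWS\system32\iejp.dll
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\RunOnce: [ntyi32.exe] C:\WINDOWS\ntyi32.exe
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
"""

# Every log entry starts with a section code (R0, O4, O16, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 autostart entries look like: HKLM\..\Run: [value name] command line
O4_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<path>.+)$")


@dataclass
class Entry:
    code: str
    body: str
    hints: list = field(default_factory=list)


def triage(code, body):
    """Return human-readable hints for one entry (heuristics, not verdicts)."""
    hints = []
    low = body.lower()
    if "(no file)" in low or "(file missing)" in low:
        hints.append("orphaned: registry entry references a file that is gone")
    if code in ("R0", "R1") and " = " in body:
        value = body.split(" = ", 1)[1].strip().lower()
        if value.startswith("res://"):
            hints.append("IE search/start page is served from inside a local DLL")
    if code == "O4":
        m = O4_RE.search(body)
        if m:
            path = m["path"].strip().strip('"')
            if "\\temp\\" in path.lower():
                hints.append("autostart program runs from a temp directory")
            if m["name"].lower() == ntpath.basename(path).lower():
                hints.append("autostart value name is just the file name")
    if code == "O16":
        url = body.rsplit(" - ", 1)[-1].strip()
        try:
            host = urlparse(url).hostname
            if host:
                ipaddress.ip_address(host)  # raises ValueError for DNS names
                hints.append("ActiveX control downloaded from a bare IP address")
        except ValueError:
            pass
    return hints


def parse_line(line):
    """Parse one log line; return None for headers, blanks and other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["code"], m["body"], triage(m["code"], m["body"]))


def parse_log(text):
    """Parse a whole pasted log and keep only real entries, in order."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


if __name__ == "__main__":
    for entry in parse_log(SAMPLE_LOG):
        if entry.hints:
            print(f"{entry.code:>3}  {entry.body}")
            for hint in entry.hints:
                print(f"       -> {hint}")
```

An entry with no hint is not thereby clean; the list only orders a manual review of the log.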

dlh6213 27 Posting Maven Team Colleague

Are you still unable to copy and paste the hijackthis log?

dlh6213 27 Posting Maven Team Colleague

I have been repeatedly getting the following problems:
ValueClick
Avenue A. Inc.
DoubleClick
MediaPlex

How do I get rid of them permanently?

I run S & D and fixed the problems every time but next time I run it again, I get the same problems.

Thanks for helping.

foxkueh

So that we can see exactly what you have running on your system, I suggest you get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then, close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log, and paste it here in this thread.

dlh6213 27 Posting Maven Team Colleague

Hey rvince, that's all good advice, but won't help with Aurora :)

Welcome to DaniWeb Red :D

I'm still trying to get a handle on this particular infection myself, but you can start with this --

Download Ewido Security Suite from here:
http://fileforum.betanews.com/detail/ewido_security_suite/1098736486/1

Install it, and while installing, under Additional Options, uncheck Install background guard and Install scan via context menu.

From the main Ewido screen, click on Update in the left menu, and then click the Start update button. After the update finishes (the status bar at the bottom will display Update successful), close the program (don't scan yet). If you have problems updating see here:
http://www.ewido.net/en/download/updates/

Note -- When you do run Ewido for the first time, you will get a warning Database could not be found!, click OK when you do.

Download Nailfix from here:
http://users.pandora.be/bluepatchy/nailfix.zip
Unzip it to your desktop, but do not run it yet.

Reboot into Safe Mode

Double-click on the Nailfix.bat on your desktop. Your desktop and icons will disappear and reappear, and a window should open and close very quickly -- this is normal.

Then run Ewido, and run a full system scan (you will be posting the log from the scan later when back in normal mode).

Reboot normally

Go to Add/Remove Programs in your Control Panel and remove (if found):

My Way Search Assistant
My Web Search
WinTools

dlh6213 27 Posting Maven Team Colleague

DMR is correct about how quickly you can become infected, you may wish to do some things before you go online for the first time -- this thread may be of some help (a lot of it reiterates what DMR has already suggested):
http://www.daniweb.com/techtalkforums/thread16365.html

dlh6213 27 Posting Maven Team Colleague

Also, as soon as possible, go to Windows Update and get the Critical Updates for your system.

dlh6213 27 Posting Maven Team Colleague

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

(Note: if any of these temporary files cannot be deleted while in ‘normal mode,’ try Safe Mode.)

Empty the Recycle Bin.

If you still have HijackThis, update it to the current version (1.99.1) or you can get the self-extracting version of it from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then, close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log, and paste it here in this thread.

dlh6213 27 Posting Maven Team Colleague

...as it rejected my password, ( which I have been using for the last 5 years).

Just for future reference, your password should be changed at least annually, and more often would be even better. It wouldn't hurt to change your secret question as well, and give a response that cannot be easily found out (for example, if the question is your mother's maiden name, instead of giving her actual maiden name, use her middle name or something more difficult to obtain or figure out).

dlh6213 27 Posting Maven Team Colleague

Not on a permanent hard drive, in its own permanent folder, like c:\HJT\hijackthis.exe (not in the Temp folder it is in now).

Remember this was just a start, after he's moved hijackthis to a safe place, we need to see another log.

dlh6213 27 Posting Maven Team Colleague

Basically, "blog" is short for web-log, an online journal.

dlh6213 27 Posting Maven Team Colleague

Glad to hear it; thanks for letting us know :)

dlh6213 27 Posting Maven Team Colleague

These are good questions and I didn't know the answers either, so I used Google and found a lot of answers, but these seem to sum them up best:

Scroll Lock:
http://www.straightdope.com/mailbag/mscrolllock.html

Tilde:
http://diveintomark.org/archives/2002/10/04/history_of_the_tilde

By the way, I didn't think this really belonged in the Windows 9x forum so I've moved it to the Geek's Lounge :)

dlh6213 27 Posting Maven Team Colleague

Go ahead with the other steps crunchie suggested.

dlh6213 27 Posting Maven Team Colleague

I'm no expert on AMD CPUs by any means, having only owned one in my life, so I just went to the AMD website where I found this document (http://www.amd.com/us-en/assets/content_type/white_papers_and_tech_docs/21329g.pdf) that shows the AMD-K6 3D was available from 200MHz to 450MHz; it was introduced in 1997, but I'm not sure how long it was produced. The AMD-K6-2, which came out in 1999, had speeds in the 500's.

Like I said, I'm not an expert, so forgive me if I'm incorrect about any of this.

dlh6213 27 Posting Maven Team Colleague

Just one more addition before this is closed -- anyone willing to purchase a code can find plenty available here:
http://search.ebay.com/xbox-live-subscription_W0QQsojsZ1QQfromZR40

dlh6213 27 Posting Maven Team Colleague

You're not stupid -- that particular post, I would say, is in an appropriate place, and you seem to have given sufficient information. Apparently no one has viewed it yet that can offer a solution (myself included).

Do you have any examples of some posts of yours where someone has sneered at you?

dlh6213 27 Posting Maven Team Colleague

Hi Laura, I don't think it will help with your Shutdown problem, but there are some things in your log that should be fixed.

Go to Add/Remove Programs in your Control Panel and remove (if found):

Media Access
Internet Optimizer

Scan with HJT and have it fix the following entries:

O2 - BHO: (no name) - {1FF04B25-0A23-4A12-960C-73F8B9950436} - C:\Program Files\WebSearch\Util\XBK52AHI.dll
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O16 - DPF: {0191ABF4-9421-435E-9FFD-CD827A2A82D8} (SBITAX7Ctrl Class) - http://directplugin.com/tl7000.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/M.../bridge-c10.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downl...922/wmv9VCM.CAB
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares...ysb_regular.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...006_regular.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab

Be sure all windows are closed, other than hijackthis, before hitting Fix checked.

Go to the following locations and delete the highlighted file …

dlh6213 27 Posting Maven Team Colleague

I don't think so myself, but you can wait and see if there are any other opinions...

dlh6213 27 Posting Maven Team Colleague

Hey Billy, why didn't you just invite your friend to join here himself? :D

Of course you know HJT should be in its own permanent folder before fixing anything with it, but this will give him a start...

Get RapidBlaster from here and run it:
http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal

Go to Add/Remove Programs and remove:
Ebates
E2G
TSA
TV Media
Viewpoint
Weatherbug
Web Offer
Web_Rebates

After you're sure he's moved HJT out of the Temp folder:

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

(Note: if any of these temporary files cannot be deleted while in ‘normal mode,’ try Safe Mode.)

Empty the Recycle Bin.

He will also be needing LSPfix and can get it from here: http://www.computercops.biz/downloads-file-334.html

Reboot, and post a new log; and find out if he knows what HOTLLAMA MEDIA is.

dlh6213 27 Posting Maven Team Colleague

Hi SirQuester, welcome to DaniWeb :D

So that we can see exactly what you have running on your system, I suggest you get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then, close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log, and paste it here in this thread.

dlh6213 27 Posting Maven Team Colleague

SHDOCVW.DLL is a Windows operating system file that renders the IFRAME, FRAME, and EMBED HTML tags. It can, however, become infected (http://antivirus.about.com/od/virusdescriptions/a/bofra.htm). If you no longer have the file, it may have been deleted by one of your cleaning programs because it was infected; you can download it from here, if needed:
http://www.dll-files.com/dllindex/dll-files.shtml?shdocvw

I don't see anything else in your log; just as a precaution/cleanup you could have HijackThis fix all the O16 entries. I don't see anything bad there, but any that are legit will come back the next time you visit that particular website.

dlh6213 27 Posting Maven Team Colleague

Sorry for the delay; can you post a new log please?

dlh6213 27 Posting Maven Team Colleague

There seems to be a conflict between your title and the post itself; are you having a problem with MS Word or the Operating System itself?

What OS are you using? If it's XP or Me, can you boot into Safe Mode and try System Restore?

Why do you suspect the hard drive? Are you hearing unusual noises coming from it?

dlh6213 27 Posting Maven Team Colleague

Gilly4, please keep all replies in the forum; not only is it one of the site rules, but you can also get more advice... and, it may help others who have similar problems :D

dlh6213 27 Posting Maven Team Colleague

Hi roothy123, welcome to DaniWeb :D

You would probably get some responses to this if you posted it elsewhere (like the Windows Software forum, or even the Geek's Lounge), since this particular forum is supposed to be for introductions.

dlh6213 27 Posting Maven Team Colleague

Hi whatisbobo, welcome to DaniWeb :D

This question should have gone in the Hardware forum, but...

As far as I know, the AMD-K6 3D was only available in 266MHz to 400MHz, can you contact the vendor of the USB card directly to see if it will be compatible with your CPU?

By the way, what is bobo? :rolleyes:

dlh6213 27 Posting Maven Team Colleague

Hi WPA, welcome to DaniWeb :)

From the problems you described, I would suspect you may still have some files lurking that you should remove. So that we can see exactly what you have running on your system, I suggest you get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then, close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log, and paste it here in this thread.

dlh6213 27 Posting Maven Team Colleague

Welcome to DaniWeb! :D

You've posted in the right place, but before you fix anything with hijackthis, you need to move it from the Temp folder it is now in, to its own permanent folder (like c:\HJT\hijackthis.exe) so that it, and the backups it will create, will not get accidentally deleted.

After you've moved it, close all browser windows, scan with HJT, and post a new log please.

What version of Xoftspy do you have?

dlh6213 27 Posting Maven Team Colleague

I'm still trying to get a handle on this particular infection myself, but you can start with this --

Download Ewido Security Suite from here:
http://fileforum.betanews.com/detail/ewido_security_suite/1098736486/1

Install it, and while installing, under Additional Options, uncheck Install background guard and Install scan via context menu.

From the main Ewido screen, click on Update in the left menu, and then click the Start update button. After the update finishes (the status bar at the bottom will display Update successful), close the program (don't scan yet). If you have problems updating see here:
http://www.ewido.net/en/download/updates/

Note -- When you do run Ewido for the first time, you will get a warning Database could not be found!, click OK when you do, we will fix this in a moment.

Download Nailfix from here:
http://users.pandora.be/bluepatchy/nailfix.zip
Unzip it to your desktop, but do not run it yet.

Reboot into Safe Mode

Double-click on the Nailfix.bat on your desktop. Your desktop and icons will disappear and reappear, and a window should open and close very quickly -- this is normal.

Then run Ewido, and run a full system scan (you will be posting the log from the scan later when back in normal mode).

Reboot normally

Before fixing anything with hijackthis, you should put it into its own folder. To do this, right-click in an open area on your desktop, select New, Folder; give the new folder a name (something like …

dlh6213 27 Posting Maven Team Colleague

Hi Briq420, welcome to DaniWeb :D

First of all, go to Add/Remove Programs in your Control Panel and remove any of the following found:

Window Search
Window Searching
Lop.com
LOP SEARCH
Browser Enhancer
Ultimate Browser Enhancer
WildTangent

You may be given a code to insert, do so and reboot when done.

Run the Lop Remover from:
http://www.thespykiller.co.uk/downloads.htm

Reboot, scan with hijackthis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\nljjp.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nljjp.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\nljjp.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\nljjp.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nljjp.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\nljjp.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {0D77B60B-F9B8-DEB6-F8BC-A4507B4AA22E} - C:\WINDOWS\appur.dll
O2 - BHO: Class - {508CEC2F-E4FA-ECDD-E35D-6317744EFBD7} - C:\WINDOWS\atlho32.dll
O2 - BHO: Class - {D3FEBB33-E2EC-5A3D-41BF-2F0678C664FE} - C:\WINDOWS\ipkm32.dll
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [netgj32.exe] C:\WINDOWS\system32\netgj32.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...467&clcid=0x409
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/c...DC_1_0_0_44.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://lovefreegames.aavalue.com/LF...egames_live.cab

dlh6213 27 Posting Maven Team Colleague

First of all, go to Add/Remove Programs in your Control Panel and remove any of the following found:

Window Search
Window Searching
Lop.com
LOP SEARCH
Browser Enhancer
Ultimate Browser Enhancer
Media Access

You may be given a code to insert, do so and reboot when done.

Run the Lop Remover from:
http://www.thespykiller.co.uk/downloads.htm

Reboot

Before fixing anything with hijackthis, you need to move it from the Temp folder it is now in to a permanent folder of its own, like c:\HJT\hijackthis.exe.

After you've moved it, close any open browser windows, scan with hijackthis, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

...I've followed your instructions to the "T"...

Not quite, you still need to get the latest version of hijackthis :) You can get the self-extracting version from here (in line 2):
http://www.malwareremoval.com/downloads.html

The O-2 BHO's with (No file), are they deletable?

Yes, it is safe to have hijackthis fix the BHO's with (no name) & (no file)

As you can tell by looking I've not much experience in this area, but would really like to educate myself.

There are several HijackThis tutorials available, such as this one:
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42

dlh6213 27 Posting Maven Team Colleague

Welcome to the site Kath! :)

No stupid questions here!