Posts by dlh6213

...why your wife's system attracts more 'nasties' than yours. Her computing habits are doubtless different to yours, and they may expose her to more risk of infection than you experience. An advertisement might spark her curiousity, a 'close' button on an advertising box may be something else in disguise. There will definitely be differences in the places you visit and the way you interact with them.

Zeroth, to expand a bit on what Catweazle said here, instead of closing popups with the X (which some use to 'execute'), right-click on the ad and select Close; this may help prevent some of the problems.

You should post a new log in case there is some final cleanup that should be done.

Try a 'repair' installation, instructions here (Method 2):
http://support.microsoft.com/default.aspx?scid=kb;en-us;315341&Product=winxp

1. Start your computer, press and hold CTRL, and then choose Safe Mode Command Prompt Only from the Windows 98 Startup menu.

2. At the MS-DOS prompt, type cd\windows\command (where windows is the name of the folder in which Windows is installed), and then press ENTER.

3. At the C: prompt, type scanreg /restore, and then press ENTER (note the space before the forward slash).

4. Select the previous registry you want to restore, and then press ENTER.
NOTE: A properly working registry has the word "Started" next to the date.

5. When you receive notification that you restored a properly working registry, press ENTER to restart your computer.

What is a digital signature?

That's not a real easy question to answer, but this link gives an overview:
http://www.webopedia.com/TERM/D/digital_signature.html

This one goes into more detail:
http://www.youdzone.com/signature.html

Hi Albert and welcome to DaniWeb :)

I split your posts into their own thread; we ask that members start a new thread when they have a problem so you get the individual attention you need, and so the advice doesn't get confused.

Now, just to clarify what you've already done, did you already do this:

Download the Pocket KillBox
Unzip the file to your desktop.

Go offline until you have completed all the below.

Run Pocket Killbox and paste the full file path of the below file in the box and click on Standard File Kill and End Explorer Shell While Killing File. Click on the button with the red circle and an X in the middle after you enter the file.

C:\WINDOWS\System32\systr.dll

Reboot afterwards if the file is successfully deleted.

If the file is not deleted, do not reboot yet. Run Pocket Killbox again and paste the full file path in the box and click on Delete on Reboot. Next click on the button with the red circle and an X in the middle. You will get a message saying "File will be deleted on next reboot, Process and Reboot now?" Click "Yes" to reboot.

If so, did you find systr.dll and successfully delete it?

If not, do so now. Then scan with HJT and have it fix the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/066/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page …

Is it possible to have formatting characters ie, paragraph marks, spaces print in a Word (2003)doc ??? :?:

For Word 2003, see if this helps:
http://office.microsoft.com/en-us/assistance/HP051883801033.aspx

In Word 2000, it works like this (in case it helps): with Word open, go to Tools, and then Options. In the Options window, click on the View tab; you should see a section on Formatting marks, just check whichever ones you like (or All), and click OK to exit.

I just reread your question and now I'm not sure if you're asking to be able to just view them or to actually print them. If you want to print, go to the same Options window, but select the Print tab. I'm not sure which one it would be, but I would try, in this order, Hidden text, and then Draft output, and finally, if the others didn't work, Field codes. If none of those work, try some of the others, I'm sure one of them will do the trick.

Scan with HJT and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.zillafind.com/getPageRes...g=true&query=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.coolsearch.biz/
O2 - BHO: ZILLAbar BHO - {2F19BBE7-D050-4C39-829E-C2F9E15C90F0} - C:\Program Files\ISSS\ZILLAbar\ZILLAbar.dll
O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\system32\pc32.exe bg
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon...oad/tgctlcm.cab
O16 - DPF: {4E7BD74F-2B8D-469E-9ABF-BF78B598A832} - http://toolbar.information.com/tool...information.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/s...84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/s...,21/mcgdmgr.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/...ller/dwnldr.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/active...ate/sdkinst.cab
O19 - User stylesheet: (file missing)

Be sure all windows, other then hijackthis, are closed before hitting the Fix button.

Go to the following locations and delete the highlighted file or folder:

C:\Program Files\ISSS
C:\WINDOWS\system32\pc32.exe

I would not recommend connecting your Pocket PC to this computer until it gets cleaned up.

Did you install MagicKey on your computer?

You do have Crypkey software by Kenonic Controls installed on your computer, if it's not something you use, you should consider removing it.

How well do you know the person that put XP on your machine?

(You can find some info on Zilla here, if you're interested: http://research.sunbelt-software.com/threat_display.cfm?name=ZillaFind/ZillaBar)

Reboot, close any open browser windows, scan with HJT, and post a new …

What OS are you using? If available, you can try System Restore, or you could try doing a 'Repair' installation.

Okay my friends dad said he could wipe off my computer for me but the only problem I really have is that I don't have the installation disc to my internet is there a way he could like take everything off besides my internet or anything?

Is that the installation disk from your ISP, or are you talking about a browser?

Internet Explorer will be included with the Windows OS, others can be downloaded.

If it's the disc from your ISP, you will probably need to request a new one.

That's a pretty good review there; I'd just like to make a couple comments of my own.

Very few people have problems with Ad-Aware or Spybot, but from what I've seen, there are more issues with Spybot then Ad-Aware so hopefully you're assesment will not keep anyone from getting either of these as they are both very useful. I would give Ad-Aware a higher rating then Spybot primarily because they update their data base much more frequently.

I think I would give CounterSpy a 9 and Microsoft a 7. Microsoft and CounterSpy are both base on Giant's antispyware, that's why they look so similar.

You can see my comments on Microsoft's product here (post #8):
http://www.daniweb.com/techtalkforums/showthread.php?t=20187-shady

Use System Restore to reset your system back to a date prior to when this problem started.

You will probably have to 'clean' it up again, just use more caution when doing so (or get assistance by starting a new thread in the Virus forum).

This particular thread has been 'Solved,' anyone (besides Pleasehelpme) who has a similar problem should start a new thread so they can get individual assistance. Thanks :)

It sounds as if you've gotten some type of virus, so I've moved your thread to the appropriate forum (for the time being anyway).

Get HijackThis from here:
http://www.malwareremoval.com/downloads.html (look for the link to the selfextracting version in line #2)

Close all browser windows, 'Scan and Save Log' with hijackthis, copy and paste the log here.

As for an alternative browser, it is highly recommended you do so, and most of the more popular ones are similar enough to IE that you shouldn't have too much trouble getting used to them. You can search around here at DaniWeb for opinions and recommendations to help you decide for yourself, but Firefox (http://www.mozilla.org/products/firefox/) seems to be the most popular choice.

Since some type of malware or hijacking is suspected here, I suggest you get HijackThis from here:
http://www.malwareremoval.com/downloads.html (look for the selfextracting link in line #2)

Close all browser windows, 'Scan and Save Log' with hijackthis; start a new thread in the Virus forum, and copy and paste the log there along with a description of your problem.

As long as you can access the drive, this program should work, but keep in mind some of the files may have become corrupted:

http://www.snapfiles.com/get/restoration.html

I don't suppose anyone could give me an idea of what the "average" CPU/system temperature should be?

Here are some threads that may help answer that:

http://www.daniweb.com/techtalkforums/showthread.php?t=21263-temperature

http://www.daniweb.com/techtalkforums/showthread.php?t=20467-temperature

http://www.daniweb.com/techtalkforums/showthread.php?t=20016-temperature

http://www.daniweb.com/techtalkforums/showthread.php?t=19749-temperature

http://www.daniweb.com/techtalkforums/showthread.php?t=17692-temperature

Still need the Windows Updates

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

(Note: if any of these temporary files cannot be deleted while in ‘normal mode,’ try Safe Mode.

Empty your Recycle Bin.

Scan with HJT and post a new log please.

Get about:Buster from here:
http://www.majorgeeks.com/download4289.html

Unzip it to your desktop, run it, and:

Click Update, and then Check For Update, and Download Update; wait for the updates to be installed.

After the udates have been installed, click Start
(Wait for the initial ADS scan to complete.)

Click Yes to shutdown any IE session currently open when asked
(Wait for the about:blank scan to complete.)

Click OK to scan once more when prompted

Click Yes to shutdown any IE sessions currently open, and then Yes to begin the second pass

Click Save log

Click Exit, and then Exit again

Reboot

Close all browser windows, scan with HJT, and post a new HJT log and the about:Buster log

The last log you posted is over two months old, can you post a new one please?

Before you do, update HijackThis to the latest version (1.99.1)

The first thing you need to do is go to Windows Update and get the Critical Updates for your system (SP1a, hold off on SP2, at least until your system gets cleaned up).

The second thing you should do is move hijackthis into it's own folder before fixing anything with it. You can do this by right-clicking in an open area of your desktop, select New, Folder; give the new folder a name (something like HJT or HijackThis would be good), and then drag the hijackthis.exe icon that is on your desktop into this new folder.

After you've done that, close all browser windows, scan with HJT, and post a new log please.

Copied post over to thread currently in work (http://www.daniweb.com/techtalkforums/showthread.php?p=110412#post110412)

I dont know how I ended up here on the second page without any other pages showing. I hope you guys get this post.

You accidently posted this in your original thread in the Browser forum, so I copied it over to here.

My computer froze up completely last night. I tried to do a systems restore and it froze up worst. I was finally able to do a ctrl alt delete and get the keyboard to functioning and do another systems restore and get it back to working status. I went through all the steps on the instructions yall gave me and redeleted all original files that you listed. I have done about all i can and the xxxthing stil wont dawnload a thng. I included some things listed in my adaware log I found that you had ask me if i had. Please take a look at the most recent logs and let me know. Thanks

Logfile of HijackThis v1.99.1
Scan saved at 6:20:37 PM, on 4/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.zillafind.com/getPageRes...g=true&query=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.coolsearch.biz/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BlspcHlpr …

I used BidPay once or twice without any problems, but just for small amounts.

If someone is paying you for something, as long as you wait until the money is safely in your account before shipping the item (or providing the service), you should be okay.

I never got an answer to my question about Acrobat and fixed it myself. I tried a question about why I couldn´t paste stuff on a message here from Firefox someplace else, can´t remember where it´s been so long.

Isn't this the one where Catweazle suggested you remove/reinstall Acrobat and you ended up reformatting? (http://www.daniweb.com/techtalkforums/showthread.php?t=19634&page=2&pp=15)

Here's the one about Pasting, no replies to that one yet (http://www.daniweb.com/techtalkforums/showthread.php?t=21188)

I still say we need a ¨browser¨ forum. Heck by the time we get one, I won´t need it anymore, I´ll have fixed everything myself. (kidding, kidding) :o

Did you notice the new name here? Web Browsers instead of Internet Explorer :)

Although I don't think Winferno is one of them, there are actually anti-spyware vendors out there that 'throw nails in the road' in order to get business. SpyHunter used to fall into this category and I would suggest removing it. You can read a bit about it here: http://www.spywarewarrior.com/rogue_anti-spyware.htm#sh_note

(Always check this site before getting any anti-spyware products: http://www.spywarewarrior.com/rogue_anti-spyware.htm)

Winferno does make it surprisingly difficult to remove their product.

Do you have Crypkey software by Kenonic Controls installed on your computer?

Do you have any 'free trial' software installed?

Do you use a handheld PC that you sync with this one?

Go to Add/Remove Programs in your Control Panel and remove the following (if found):

Winferno (also look for SecureIE, SIEPIE, or SIEPulse)

Scan with HJT, and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.zillafind.com/getPageRes...g=true&query=%s
O2 - BHO: ZILLAbar BHO - {2F19BBE7-D050-4C39-829E-C2F9E15C90F0} - C:\Program Files\ISSS\ZILLAbar\ZILLAbar.dll (file missing)
O4 - HKLM\..\Run: [SIE2004] "C:\Program Files\Winferno\SIEPIE\SIEPulse.exe"

Be sure all windows, other then hijackthis, are closed before hitting the fix button

Go to C:\Program Files and delete the Winferno folder

Go to C:\Documents and Settings\Administrator\Application Data and find umbs.exe, right-click on it, choose Properties, and give us whatever info you can find on it (Company, version, etc.). I think it's okay, just want to make sure.

Reboot, close all browser windows, scan with HJT, and post a new log …

You have a few things there that should be cleaned up, but before doing so you should move HijackThis into it's own permanent folder instead of the Temp folder it's in now (something like c:\HJT\hijackthis.exe or c:\hijackthis\hijackthis.exe would be good). That way the program, and the backups it will create, will be safe from deletion when we clean out your temp folders.

After you move it, close all browser windows (including Firefox), scan with HJT, and post a new log please.

I have no experience with the Nvidia firewall, but since it is basically a hardware firewall, it should offer more protection then any software firewall, so I would recommend using Nvidia.

Note: almost any stand-alone software anti-virus is better then what is included with XP

Those popups make it look so legit, don't they?

Get HijackThis from here:
http://www.spywareinfo.com/~merijn/

Close all browser windows, 'Scan and Save Log' with hijackthis, copy and post the entire log here so we can see what's going on with your system.

Get HijackThis from here:
http://www.spywareinfo.com/~merijn/

Close all browser windows, 'Scan and Save Log' with hijackthis, and post the log here so we can see what's going on with your system.

SecureIE may be causing part of your problems (including why hijackthis can't determine your IE version). Read the last couple of paragraphs in this review:
http://netsecurity.about.com/cs/productreviews/fr/aafpr080303_2.htm

Check the following settings in IE:

Click on Tools, and then Internet Options; click on the Security tab, and then on the Custom Level button. Scroll down the list to Downloads (past the part involving ActiveX); under Downloads you should see two options -- File download and Font download, make sure both are Enabled, and then click OK, and OK again.

After you do that, try downloading IEFix from here:
http://www.majorgeeks.com/download4467.html

Keep us posted...

PS: I'm trying to find out how to completely remove SecureIE... anyone here have any suggestions?

It could be overheating, have you cleaned the inside recently? (Be careful when doing this, either wear an anti-static wrist strap or touch a metal part of the case frequently while doing so)

Are the fans all operating properly?

Your log looks okay to me, other then that one file, which is probably not bad, but just to be sure...

Go to C:\WINDOWS, find the Wfrmsrv.exe file, right-click on it, and do a virus scan.

After that, right-click on it again and choose Properties; let us know the results of the virus scan and whatever info you get from Properties (company name, version, etc.)

Here are a couple of links that may help:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q315335

http://www.smartcomputing.com/techsupport/detail.aspx?guid=&ErrorID=21389

Since you have SP2, it's most likely the RAM problem (first link)

Here are some links that may help:

http://support.microsoft.com/default.aspx?scid=kb;en-us;315323&Product=winxp

http://support.microsoft.com/default.aspx?scid=kb;en-us;822967&Product=winxp

Go to Windows Update and get the Critical Updates for your system

Get the latest version of HijackThis here:
http://www.spywareinfo.com/~merijn/

Close all browser widows, scan with hijackthis, and post a new log please

Did you update about:Buster before running it? It should have removed this one -- C:\WINDOWS\SDKSA32.EXE

Scan with HJT and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vliny.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vliny.dll/sp.html#12345
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {07E4FD77-394B-B875-5A4B-DD790369CC6A} - C:\WINDOWS\SDKNZ.DLL

Be sure all windows, other then hijackthis, are closed before hitting the Fix button

Go to the following folders and delete the highlighted file (if any won't delete, try booting into Safe Mode first):

C:\WINDOWS\SDKSA32.EXE
C:\WINDOWS\SDKNZ.DLL
C:\WINDOWS\SYSTEM\WINDC.EXE

Reboot

Close all browser windows, scan with HJT, and post a new log please.

Do you have LSoft installed? (Wondering becuase of this -- Wfrmsrv.exe)

Download CWShredder 2 from here:
http://www.intermute.com/spysubtract/cwshredder_download.html

Run it and press Fix (not scan) and allow it to clean the infection. Close all windows before hitting the Fix button.

Run About:Buster, and then:

1. Click Update

2. Click Check For Update
(If no new version is available, skip to step #4)

3. Click Download Update and wait for it to be installed

4. Click Start
(Wait for the initial ADS scan to complete)

5. Click Yes to shutdown any IE session currently open
(Wait for the about:blank scan to complete)

6. Click OK to scan once more

7. Click Yes to shutdown any IE sessions currently open

8. Click Yes to begin the second pass

9. Click Save log

10. Click Exit

11. Click Exit

12. Reboot

Close all browser windows, scan with hijackthis, and post this log along with the about:Buster log

Close all browser windows, scan with HJT, and have it fix the following entry:

O2 - BHO: BHO - {00000185-C745-43D2-44F1-01A1C789C738} - C:\PROGRA~1\SB\SMART-~1\BHO010~1.DLL
-SmartBrowser (BHO010~*.DLL)

Get CWShredder from here:http://www.intermute.com/spysubtract/cwshredder_download.html

Unzip to your desktop, run it, and then:

1. Click "Check For Update"
(If an update isn't available, skip to step 4)


2. Click "Click here to Download the upate"


3. When the new version has been downloaded, click "Save"


4. Click "Fix"

If it asks you to verify any files to be deleted, either do a Google search for it/them or ask us here before deleting.

Reboot, close all browser windows, scan with HJT, and post a new log please.

Blue Screen of Death

One program that may help you accomplish your goal is called ComputerCop and is available here (it's not free though):
http://www.computercop.com/homeprods.html

To answer your question, yes, you should delete the contents of all temp folders (but not the folders themselves).

But it doesn't sound like you're still finding all of the temp folders. When you go to your D drive, and open the 'Documents and Settings' folder, you should see folders in there for every user on your computer (from what I can gather from your prior posts, there should at least be Administrator, Mr.Alvandi, and possibly Alan Kala).

When you open each of these folders, you should see 'Local Settings' and within that folder you should find 'Temp' and 'Temporary Internet Files' folders.

For each user, you want to delete the contents of the 'Temp' folder completely; in the 'Temporary Internet Files' folder, there should be a 'Content.IE5' folder, and you should delete the contents of that as well.

Also on your D drive, go to the Windows folder, find the Temp folder, and delete the contents.

It's possible you may have a Temp folder directly on your D drive as well, if so, empty it too.

If any files cannot be deleted (because they are 'in use' or whatever), try booting into Safe Mode and removing them.

If you have XP Home Edition, you may need to boot into Safe Mode, and log on as Administrator, to access the Administrator files.

And don't forget to do the search for *.tmp and delete those files too.

Do you have any operating …

Before fixing anything with hijackthis, you should put it into it's own folder. You can do this by right-clicking on an empty area of your desktop, select New, Folder; give the new folder a name (such as HJT or HijackThis), and then drag the hijackthis.exe icon that is on your desktop into the new folder.

Then, close all browser windows, scan with hijackthis, and post a new log please.

Try the steps outlined in this thread first:
http://www.daniweb.com/techtalkforums/showthread.php?t=19959

Before fixing anything with hijackthis, you need to move it out of the temp folder it is in into it's own permanent folder (such as C:\HJT\hijackthis.exe)

Optional: BigFix should be set to start manually as it is a resource hog.

Once you've completed the above steps, reboot, close all browser windows, scan with hijackthis, and post a new log please.

Never mind I got it fixed. Thanks.

You have a few other things there that should be fixed, can you post a new log please?

Looks good, but in some places a bit cramped...

I agree, in the forums that have the site info in the left column, and the ads in the right column, the threads in the center seem cramped.

Also, I don't know why, but the font seems to bother my eyes so I can't stay on for very long at a time.

Aannnd... I can't find where the Buddy list is, did it go away or am I missing it?

Other then that, it looks pretty good -- will just take some getting used to.

Oh, were you going to go back to using the background for the signatures? I know some people didn't like it, but I did.

please tell me step by step how to create a permanate file to store hjt from a temp file in

Right-click in an open area on your desktop and select New, and then Folder; give the new folder a name (something like HJT or HijackThis would be good), and then drag the hijackthis.exe icon that is on your desktop into this new folder. You can then open the folder and double-click on hijackthis.exe to run it.

Crunchie will probably have some more ideas, but in the meantime you may wish to try CounterSpy; I've found it to find things most others can't and you can get it from here:

http://www.download.com/3000-8022_4-10337358.html

It has a 15-day free trial which will be plenty of time to get your system cleaned up, or you can purchase it for $20 (US). After you download it, install it; when asked for a registration number, just click next.

Before scanning the first time, make the following adjustments to the settings:

CounterSpy Settings

At the very top, click on File, and then Check for updates
When it’s finished updating, click the ‘Close’ button

Under ‘Spyware Scan’ on the left, click on ‘Run a spyware scan’
In the left pane, click on ‘Scan Options’
Mark ‘Full system scan’
Check all boxes under ‘Full system scan,’ including ‘Save these options’
In the right pane, near the bottom, click ‘Manage Schedule’
On the left side, select your preferred schedule options
On the right side, under ‘Scheduled Scan Options,’ check:
‘Always run a deep scan’
‘Automatically remove spyware cookies’
Click the ‘Update Schedule’ button

At the top, click on ‘System Tools’
Double-click on ‘History Cleaner’
Check the following options (if they are not grayed-out):
‘Internet Explorer History’
‘Internet Explorer Cookies’
‘Kazaa’
‘Temporary Internet Files’
Review the list for any other ‘History’ items …

Try this:

Go to Start, Run, and type in msconfig. When the new window comes up, click on the Startup tab and look for BigFix in the list; if it's there, remove the checkmark from the box.

If it's not there, click on the Services tab and see if it's in there.

Close msconfig; you will probably need to reboot.

I'd just like to add that you should go to Windows Update to get the Critical Updates for your system. :)