Posts by dlh6213

A fresh installation is generally preferred. If needed, you can find complete instructions here:
http://www.daniweb.com/techtalkforums/thread6632.html

Read this before you reinstall so you can prepare your system to go online before actually doing so:
http://www.daniweb.com/techtalkforums/thread16365.html

You need to have your system set to Show hidden files and folders

Click Start

Open My Computer

Select the Tools menu and click Folder Options

Select the View tab

Under the Hidden files and folders heading select Show hidden files and folders

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm

Click OK

(Again, you may need to do this on each drive)

At current Microsoft anti-spyware is a repackaged application they purchased elsewhere.
It's provided as-is while Microsoft is working to update and enhance it.

If it doesn't remove some things, blame the original developers rather than Microsoft...

Of course many anti spyware tools (especially free versions) tend to have a lot of false positives in order to scare people into spending money on the full product.
As Microsoft AFAIK has no intention of making money out of their product, they don't have a need for such shady tactics.

CounterSpy and Microsoft Antispyware are both based on Giant's anti-spyware, yet CounterSpy will find things the Microsoft version will not.

Shady tactics are the backbone of Microsoft's financial status.

Additional notes... Be sure CounterSpy (should you decide to try it) and Kazaabegone scan all drives (C, D, E, and F); and clear the temp folders for each of those drives as well (not just the C drive as stated in my prior post).

An example of the path to a temp folder would be:
D:\Documents and Settings\Mr.Alvandi\Local Settings\Temp
Delete the entire contents of the Temp folder, but not the folder itself (make sure you have your system set to show 'Hidden files and folders').

Yes Logical and a warning for those with microsoft antispyware loaded .don't load the other ,main difference is CounterSpy workes with 98 microfts doesent .

For another important difference, see my post in this thread:
http://www.daniweb.com/techtalkforums/showthread.php?p=108725#post108725

Pete, are you still having problems?

How many ‘vendors’ can ‘convince’ Microsoft to allow their adware/spyware? Some interesting articles can be found at the following websites (a paragraph or two from each one immediately follows the link):

http://www.pchell.com/reviews/msantispyware.shtml
“Out of curiosity, I ran Ad-Aware SE and SpyBot Search and Destroy after MS Antispyware said it was completely spyware free. Ad-Aware still found 145 instances of registry entries, cookies, and files remaining that needed to be quarantined, while SpyBot found 109 problems remaining.

“Microsoft's Antispyware utility is a solid start for the giant software company; however it didn’t completely remove several threats and left Hotbar completely intact. As expected, Weatherbug was also left on the machine. However, its failure to remove some programs put it currently a notch below Lavasoft's Ad-Aware SE Personal in my opinion.

http://www.techdirt.com/articles/20050110/0044223_F.shtml
“While certain adware companies have been looking to bribe anti-spyware companies into taking them off the list, Broadband Reports wondered how Microsoft would respond to such an approach. Already, the company faced just such a question, as the anti-spyware software identifies Weatherbug as a possible threat. Weatherbug, of course, used to be a big adware provider, but claims that they've reformed from their earlier ways and no longer do such things. As such, they were peeved about the classification -- even if it's described as a small threat. Microsoft quickly backed down and agreed to remove Weatherbug from the list.

http://www.eweek.com/article2/0,1759,1749409,00.asp
“A Microsoft spokeswoman said …

Here are a few more things you can do to help clean up your system:

Go to Add/Remove Programs in the Control Panel and remove Kazaa (if you haven't already), and then get Kazaabegone to remove all remnants of kazaa:
http://www.spychecker.com/program/kazaagone.html

Before running Kazaabegone, download LSPfix from:
http://www.computercops.biz/downloads-file-334.html (the process of getting rid of Kazaa sometimes messes up the internet connection and this will allow you to restore it).

Run Kazaabegone; if your internet connection is lost, start LSPfix.
On the opening screen, click the "I know what I'm doing" checkbox. Then click Finish.
That will restore all previous settings.

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves; if you can't do it while in 'normal' mode, boot into Safe Mode):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

(Note: if any of these temporary files cannot be deleted while in ‘normal mode,’ try Safe Mode.

Try CounterSpy, you can get it from here:

http://www.download.com/3000-8022_4-10337358.html

It has a 15-day free trial which will be plenty of time to get your system cleaned up, or you can purchase it for $20 (US). After you download it, install …

Close all browser windows, scan with HJT, and have it fix the following entries:

O4 - HKLM\..\Run: [C:\WINDOWS\IEXPLOR.EXE] C:\WINDOWS\IEXPLOR.EXE
O4 - HKLM\..\Run: [AtxBrw] C:\WINDOWS\IEXPLOR.exe

Co to C:\WINDOWS and delete IEXPLOR.exe, be careful not to delete IEXPLORE.exe

You may wish to set BigFix to start manually as it is a resource hog.

Reboot, close all browser windows, scan with HJT, and post a new log please.

Reinstall is the basis of this fix by Norton:
http://service1.symantec.com/SUPPORT/sharedtech.nsf/d3c44a1678bd8f45852566aa005902cb/ad263112bfad9e9088256e1c0069b732?OpenDocument&src=bar_sch_nam

I'd like to suggest another program for you to try, I've found it can find things most other programs can't.

It's called CounterSpy and you can get it from here:

http://www.download.com/3000-8022_4-10337358.html

It has a 15-day free trial which will be plenty of time to get your system cleaned up, or you can purchase it for $20 (US). After you download it, install it; when asked for a registration number, just click next.

Before scanning the first time, make the following adjustments to the settings:

CounterSpy Settings

At the very top, click on File, and then Check for updates
When it’s finished updating, click the ‘Close’ button

Under ‘Spyware Scan’ on the left, click on ‘Run a spyware scan’
In the left pane, click on ‘Scan Options’
Mark ‘Full system scan’
Check all boxes under ‘Full system scan,’ including ‘Save these options’
In the right pane, near the bottom, click ‘Manage Schedule’
On the left side, select your preferred schedule options
On the right side, under ‘Scheduled Scan Options,’ check:
‘Always run a deep scan’
‘Automatically remove spyware cookies’
Click the ‘Update Schedule’ button

At the top, click on ‘System Tools’
Double-click on ‘History Cleaner’
Check the following options (if they are not grayed-out):
‘Internet Explorer History’
‘Internet Explorer Cookies’
‘Kazaa’
‘Temporary Internet Files’
Review the list for any other ‘History’ items you wish …

Sorry you're having so much trouble; file sharing may be the source of it.

I'd like to suggest another program for you to try, I've found it can find things most other programs can't.

It's called CounterSpy and you can get it from here:

http://www.download.com/3000-8022_4-10337358.html

It has a 15-day free trial which will be plenty of time to get your system cleaned up, or you can purchase it for $20 (US). After you download it, install it; when asked for a registration number, just click next.

Before scanning the first time, make the following adjustments to the settings:

CounterSpy Settings

At the very top, click on File, and then Check for updates
When it’s finished updating, click the ‘Close’ button

Under ‘Spyware Scan’ on the left, click on ‘Run a spyware scan’
In the left pane, click on ‘Scan Options’
Mark ‘Full system scan’
Check all boxes under ‘Full system scan,’ including ‘Save these options’
In the right pane, near the bottom, click ‘Manage Schedule’
On the left side, select your preferred schedule options
On the right side, under ‘Scheduled Scan Options,’ check:
‘Always run a deep scan’
‘Automatically remove spyware cookies’
Click the ‘Update Schedule’ button

At the top, click on ‘System Tools’
Double-click on ‘History Cleaner’
Check the following options (if they are not grayed-out):
‘Internet Explorer History’
‘Internet Explorer Cookies’
…

Have you tried it in Safe Mode yet?

It should have come with drivers for Win98; if it didn't, does the manual tell you where to download them from? If you go to the manufacturers website, you can probably find them there.

To set BigFix to start manually:

Open your Control Panel, go to Administrative Tools, and open Services. Maximize the size of the Services window that pops up and scroll down the list to BigFix; right-click on it and choose Properties. About the middle of the window that comes up, you should see Startup type: Use the drop-down arrow to select Manual.

In addition to getting a firewall, asap, get SpywareBlaster (link in Crunchie's sig) and keep it updated.

That log is looing better all the time :)

Scan with HJT and have it fix the following entries:

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v1...ro.cab33902.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/de...aploader_v5.cab
O23 - Service: vnwbyctjilblndm - Unknown owner - C:\WINDOWS\System32\jilblndm\vnwbyct.exe (file missing)

Be sure all windows, other then hijackthis, are closed before hitting the Fix button.

Go to C:\WINDOWS\web and delete related.htm (if found)
Go to C:\WINDOWS\System32 and delete the jilblndm folder (if found)

Reboot, close all browser windows, scan with HJT, and post a new log please

so theres nothing i can do apart from buy a new windows xp cd???

The only other thing would be to find the one you lost.

After you reinstalled XP, did you reinstall all the motherboard drivers?

You should either install the drivers from the disk that came with the router, or from here:
http://kbserver.netgear.com/support_details.asp?dnldID=503

Hi buckhuckle, welcome to DaniWeb :) and welcome to the world of broadband (DSL) :) :(

As soon as possible, you should protect yourself by installing a hardware firewall router such as one made by Linksys, SMC, or Netgear.

Before fixing anything in your hijackthis log, you should put it into it's own folder; to do this, right-click on your desktop, select New, Folder, and give the new folder a name of your choosing (HJT or HijackThis would be good). Then, drag the hijackthis.exe icon that is on your desktop into this new folder.

After you've moved it, close all browser windows, scan with HJT, and post a new log please. If you have anything disabled in msconfig, enable it before you scan.

FYI -- BigFix should be set to start manually as it's a resource hog.

I don't see any problems in your log; the link DMR gave you doesn't work for me so I'm not sure what you've tried already. Is it possible this is due to a firewall or other security setting?

Yes, that could be the problem, have HJT fix this line and see if it helps:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hugason.com

Crunchie gave be a bit more advice, try this:

Download StartDreck from here:
http://www.niksoft.at/download/startdreck.htm

Unzip to its own folder and start the program

Press 'Config'
Press 'Unmark All'

Check the following boxes only:
Registry -> Run Keys
System/drivers> Running processes
Press 'Ok'

Press 'Save' and select the location to save the log file
(default is the same folder as the application)

Post the log in this thread.

Might want to try this too;

Download CWShredder 2 from:
http://www.intermute.com/spysubtract/cwshredder_download.html

Run it and press the *fix,* not scan, and allow it to clean the infection. Close all browser and explorer windows before hitting the fix button.

Download 'SpSeHjfix111' from here:
http://www.derbilk.de/404.html

Download it to your desktop and then right-click a blank part of desktop and select New, Folder; call it spfix, and then unzip the file into that folder.

Disconnect from the net and Close ALL OPEN PROGRAMS.

Run 'SpSeHjfix'. and click on "Start Disinfection".

When it's finished it will reboot your machine to finish the cleaning process. The tool creates a log of the fix which will appear in the folder.

If it doesn't find any of the SE files or any hidden reinstallers it will say system clean and not go on to next stage

Now run the Shredder - Hit The FIX button!

Reboot and post a fresh HJT …

I would suggest trying this first:

Get IEFix from here:

http://www.majorgeeks.com/download4467.html

After you run it, repost and tell us if the problem still persists.

Those are lower case Q's, not G's; it's qooql, instead of googl, try doing some searching on your system for that.

I don't know how you got Xoftspy from the link I gave you, but try going here:
http://www.spywareinfo.com/~merijn/downloads.html
Scroll down to Official downloads, and then down to HijackThis. Choose any one of the seven sites listed to download it from.

Do you have any messenger services (like Yahoo, AIM, MSN, etc.)? We may be able to transfer the HJT file that way if you still can't get it onto a floppy.

So does the rep points start at 0 or 10? When I had my first rep 2 weeks ago I had 11 points.

When you join DaniWeb, you start with 10 rep points, and it can go up or down from there depending on the feedback you're given (yes, it can go into the negative numbers). When someone adds to (or takes away from) your rep, the amount that it changes depends on the rep of the person giving it; I'm not sure of the scale, but someone who has 10 or less will not change your score -- 11 or more will add at least 1 point, and the highest I've seen added at one time is 5 points.

I doubt if you could deliberately reinstall it even if you wanted too, but don't do it! This is a browser hijacker and needs some specialized removal tools.

I'm going to move this to the Virus forum as that is where we deal with problems of this sort (if you do a search on DaniWeb, you'll find others with the same problem).

First, go to this thread and use the tools recommended there such as CWShredder, free online virus scan, etc.
http://www.daniweb.com/techtalkforums/thread5690.html

Then, get HijackThis from here:
http://www.spywareinfo.com/~merijn/

After you install hijackthis, 'Scan and Save Log' with it; when it's finished, a log will pop up; copy the entire contents of the log and past it here.

Yeah, all those spaces shouldn't be there; but the log looks clean to me too. Marking this as solved.

Have a look around the rest of the forum, there's a lot here :)

I sent dlh6213 an address of a friend that will download hjt and save it to a floppy for me to run on my machine. Hopefully this will be the beginning of my computer recovery. Thanks

I tried sending it to her twice, and both times I got a message saying it couldn't be delivered because it was a bad address. Can you just have her download it for you and put it on a floppy? Here's the website:
http://www.spywareinfo.com/~merijn/

There are numerous suggestions here for getting rid of this nasty pest, but Reply #27 is the one I think I would try first if I were you:

http://www.computing.net/windowsme/wwwboard/forum/45241.html

You should also run about:buster and Hoster again

Boot into Safe Mode and then go to Add/Remove Programs and try to remove it.

What program is it and how do you know it's causing problems?

Crunchie, L2MFIX has been run, with DMR's guidance, but I don't think VX2Fix has been yet.

I'm waiting for the opinions of a couple other mods here as what the best direction to go would be. If a reinstall is deemed the best solution, we will help you with backing up and reloading.

If you had access to another computer where you could download some utilities, it would be very helpful... maybe a library or friend?

Edit -- what Caperjack said might work, I don't know much about OE.

<I've moved your thread to the appropriate forum>

You're obvioulsy not 'clueless' about computers; I too am impressed with your regard for your computer and willingness to learn.

Your log is not excessively long; all logs are different, some longer, some shorter... your's falls into a fairly average length.

Before fixing anything with HijackThis, it needs to be in it's own permanent folder. I usually suggest a folder like c:\HJT\hijackthis.exe, or, if you have an icon on your desktop for hijackthis, you can do this: right-click on your desktop and select New, Folder; give the new folder a name of your choosing (HJT or HijackThis would be good), and then drag the hijackthis.exe icon that is on your desktop into the new folder.

Try these fixes to see if you can get IE working:

Get IEFix from here:
http://www.majorgeeks.com/download4467.html

And Winsockfix from here:
http://www.digitalminds.net/index.pl/downloads

Then, close all browser windows, scan with hijackthis, and post a new log please.

Hey Crunchie! Welcome back! We've missed you!!

Thanks for picking this up, it's been rather frustrating. Is l2m the same as Look2Me? I suspected this before but didn't know how to go about fixing it, so I'll be paying attention here :)

Try using System Restore to set your system back to a date before you started having problems.

Is there any error code that comes up with that message?

Hey Dave, he had another thread going on this ( http://www.daniweb.com/techtalkforums/thread20949.html ), but couldn't download HJT; I tried to email it to him, but his Outlook Express wouldn't allow him to open it, saying it was a harmful file.

He doesn't have access to another computer to download to, so I suggested he post the above log so we could see what's going on (and it's not pretty!).

I'm open to some suggestions here; should we try to attack the bad files manually, email him some tools (if OE will let even let him open them), or is it time for a reinstall?

Try this again:

Open hijackthis and go to Misc Tools

Click on the Delete a file on reboot... button and paste C:\WINDOWS\system32\kmvkkr.exe into the line.

When asked to reboot, do so... hopefully it will work this time.

(You appear to be the only person that has this kmvkkr problem; if you do a google search for it, your posts are the only things that come up! Don't you feel special?)

Don't remove alg.exe! More info on it here:
http://www.liutilities.com/products/wintaskspro/processlibrary/alg/

Read this thread, it may help:
http://www.daniweb.com/techtalkforums/thread16365.html

Get HijackThis from here so we can help with whatever the real problem is:
http://www.spywareinfo.com/~merijn/

Close all browser windows, 'Scan and Save Log' with hijackthis, copy and paste the entire log here in this thread.

You should post another log for a final check :)

Go to Add/Remove Programs in your Control Panel and remove the following (if found):

Toolbar
WinTools
Media Access ( or MediaAccK)
Ebates_MoeMoneyMaker (or something similar)
VBouncer (or VirtualBouncer)
SurfSideKick 2
MyWebSearch (or WebSearch)
Internet Optimizer (or Optimize)
BullsEye Network (or Bargains)

Scan with HJT and have it fix the following entries:
(Note: some entries may no longer be here after using Add/Remove Programs)

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50162
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchmiracle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50162
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50162
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe

Be sure all windows are closed, other the HJT, before hitting the Fix button

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your …

This is all I see in your log:

O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipba.exe (file missing)

And these if you didn't put them in your Trusted Zone yourself:
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)

Go to C:\WINDOWS\system32 and delete ipba.exe, if found

Are you still having trouble?

Go to the Virus forum ( http://www.daniweb.com/techtalkforums/forum64.html ), and click on the New thread button to start a new thread (just as you did when you started this thread).

Copy the entire HijackThis log and paste it into the text box, along with a description of the problem(s) you are having.

Is there a list of bad companies or something posted somewhere?

I'm not exactly sure what you mean by this, but SpywareBlaster will put a list of known bad websites into the Restricted zone of your browser.

Just FYI, here's a list of rogue 'spyware' companies:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Please tell more about the change in the Registry, since I couldn't make any change there. If you can please be more specific about the changes in the Registry.

Yes, I use DAP.

After all these, I scanned the system with Norton and it detects a file bridge.inf in the c:/windows/downloaded program files infected with Adware.WinFavorites, but it cannot delete the file. But when I wanted to delete the file manually, I found there are no such file present in the folder.

(It's been so long since I've used Win98, I had to get out the old textbook for some of this, lol!)

Be sure you have your system set to show all files:
Double-click the My Computer icon
On the View menu, click Folder Options
On the View tab, uncheck Hide file extensions for known file types
In the Advanced Settings box, under the "Hidden files" folder, click Show all files
If you get a warning message, click Yes.
Click Apply
Click OK

Now, use Find all files to search for bridge.inf (let it search all drives/partitions you have), and delete all instances found

Before making any changes to Registry Editor, you should back up the entire registry:
Click Start, and then Run; type scanregw, and then click OK
When you receive a prompt to back up the registry, click Yes
When you receive the "Backup complete" message, click OK

To access the Registry Editor, …

When you ran it in Safe Mode, even though it took so long, was it successful? If you can't even run it in Safe Mode, or if it finds errors it can't fix, your drive may be failing. If it did finish, and fixed any errors (or didn't find any), you should be able to defrag from Safe Mode as well.

You have a lot of similarities to this thread:
http://www.daniweb.com/techtalkforums/showthread.php?p=106786#post106786

Try the suggestions there and then post a new log. If you have questions about anything, feel free to ask.

Try the suggestions in this thread first, if you don't understand anything, feel free to ask for clarification:
http://www.daniweb.com/techtalkforums/thread19959.html

After that, get HijackThis from here:
http://www.spywareinfo.com/~merijn/

After you download it, double-click the icon on your desktop to open it, and hit the 'Scan and Save Log' button. After it scans your computer, a log will pop up; copy the entire contents of this log and paste it here.

I run mine frequently and about the only time they find anything is after an update, and it's usually something that's been on here for a long time. If you keep finding things, even after fixing them, you may have an infection that is causing things to be recreated.

Just wondering if you got to this before it was too late?