Posts by dlh6213

Get Hoster from here:
http://members.aol.com/toadbee/hoster.zip
Run Hoster, press Restore Original Hosts, OK, and Exit Program.

Reboot

Delete the contents of all Temp and Temporary Internet folders; do a search for *.tmp and delete all entries found.

Go here to choose a site to download about:Buster from:
http://www.majorgeeks.com/download4289.html

Unzip it to your desktop and run it. Then:

1.) Click "Update"

2.) Click "Check For Update"
(If no new version is available, skip to step 4.)

3.) Click "Download Update", and wait for it to be installed

4.) Click "Start".

(Wait for the initial ADS scan to complete.)

5.) Click "Yes", to shutdown any IE session currently open.

Wait for the about:blank scan to complete

6.) Click "Ok", to scan once more

7.) Click "Yes", to shutdown any IE sessions currently open

8.) Click "Yes", to begin the second scan

9.) Click "Save log" Copy and paste this log back back in this thread (along with a new HijackThis log)

10.) Click "Exit"

11.) Click "Exit"

Close all browser windows, 'scan only' with hijackthis, and have it fix the following entries (if found):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://msn.dll/index
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://msn.dll/index
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://msn.dll/index
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://msn.dll/msn
R1 …

There are differences between viruses (which include trojans, worms, etc.), adware, and spyware. Until recently, anti-virus programs concentrated on viruses, but some of them are now beginning to include adware and spyware.

Ad-Aware concentrates mainly on adware, while SpyBot does the same with spyware, there is some overlap between the two programs (and some AV programs), but they will all find different things; unless, of course, there's nothing for them to find :)

You need to go to Windows Update and get the Critical Updates for your system (SP1a, hold off on SP2 for now)

Here's some info on Download Accelerator Plus you may be interested in:
http://forum.iamnotageek.com/t-211983.html

Scan with HJT and have it fix the following entries:

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

If the highlighted IP addresses are not related to your ISP, have HJT fix this entry as well:
O17 - HKLM\System\CCS\Services\Tcpip\..\{79A15216-B879-4D30-8C76-21B59032F50C}: NameServer = 192.168.10.1,172.16.0.1

Be sure all windows, other than hijackthis, are closed before hitting the Fix button.

Reboot, scan with HJT, and post a new log please.

In order for us to best assist you, please get HijackThis from here:
http://www.spywareinfo.com/~merijn/

Close all browser windows, 'Scan and Save Log' with hijackthis, copy the log and paste it here.

That's pretty messed up all right! To start with, go to this thread and use the general cleanup suggestions:
http://www.daniweb.com/techtalkforums/thread5690.html

After that, move hijackthis into a folder so it's not running directly from your hard drive (something like c:\HJT\hijackthis.exe)

Then, post a new log please.

It would probably help us if you could post a HijackThis log; you can get HijackThis from here:
http://www.spywareinfo.com/~merijn/

Close all browser windows, 'Scan and Save Log' with HijackThis, copy the log, and paste it here.

Can you post another HJT log please?

When you post the next log, let us know what files McAfee finds and where they are located. It's possible they could be in your Restore folder, in which case that should be cleaned out so you don't reinfect your system should you need to use System Restore.

C:\PROGRA~1\COMMON~1\LOGITECH\QCDRIVER\LVCA.SYS

I do not know about LVCA.SYS. It does not look like a virus to me considering its place in the system.

This is a Dexxa USB Webcam driver for win98.

Start with this:

Go here to choose a site to download About:Buster from:
http://www.majorgeeks.com/download4289.html

Unzip it to your desktop and run it. Then:

1.) Click "Update"

2.) Click "Check For Update"
(If no new version is available, skip to step 4.)

3.) Click "Download Update", and wait for it to be installed

4.) Click "Start".

(Wait for the initial ADS scan to complete.)

5.) Click "Yes", to shutdown any IE session currently open.

Wait for the about:blank scan to complete

6.) Click "Ok", to scan once more

7.) Click "Yes", to shutdown any IE sessions currently open

8.) Click "Yes", to begin the second scan

9.) Click "Save log" Copy and paste this log back back in this thread (along with a new HijackThis log)

10.) Click "Exit"

11.) Click "Exit"

Download and run Locate.zip from http://www.atribune.org/downloads/locate.zip

Unzip it and double click on locate.bat

Post the log here for review.

Did you put the O15 entries in your Trusted Zone?

I've never used SpySubtract, only CWShredder, but apparently it's a good thing you did :) I don't see anything in your log, are you still having trouble?

Cmd.exe is your Command Prompt, do you have any DOS windows open?

These particular items usually require an extra step to remove them, but let's try this first. Scan with HJT and have it fix the following entries:

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe winsock.scr
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [dxset.exe] C:\WINDOWS\dxsetu.exe

If RIPE Network is not your ISP (195.238.2.22), have HJT fix this one as well:
O17 - HKLM\System\CCS\Services\Tcpip\..\{6222B999-528A-47FC-A279-99A8221E6A8A}: NameServer = 195.238.2.22 195.238.2.21

Be sure all windows are closed, other the HJT, before hitting the Fix button

Go to the following location and remove the highlighted file or folder (if found):

C:\WINDOWS\dxsetu.exe
C:\WINDOWS\winsock.scr

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

(Note: if any of these temporary files cannot be deleted while in ‘normal mode,’ try Safe Mode.

Empty your Recycle Bin.

Reboot, close any open browser windows, scan with HJT, and post a new log please.

BigFix should be set to start manually as it's a resource hog.

There's something running from a Temp folder, any idea what it is? Best to delete it unless it's something you're still working with. (O4 - HKLM\..\Run: [RecoverFromReboot.SS] C:\WINDOWS\Temp\RECOVE~1.EXE)

Other then that, your log looks fine to me.

Go to Add/Remove Programs in your Control Panel and remove the following (if found):

Viewpoint (or Viewpoint Manager)

Scan with HJT and have it fix the following entries:
(Note: some entries may no longer be here after using Add/Remove Programs)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...b?1104784360468

Be sure all windows are closed, other the HJT, before hitting the Fix button

Go to the following location and remove the highlighted folder (if found):

C:\Program Files\Viewpoint

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

(Note: if any of these temporary files cannot be deleted while in ‘normal mode,’ try Safe Mode.

Empty your Recycle Bin.

Reboot, close any open browser windows, scan with HJT, and post a new log please. Are you having a specific problem, …

I've only used three browsers: Netscape, IE, and Firefox

Netscape was first because, as far as I know, it was the only one available. I didn't really have any problems with it that I recall, but when IE became available, I liked it a bit better; can't say why exactly, like was mentioned previously, just a matter of preference, I guess.

I recently installed Firefox because I had heard it was better and safer. Compared to IE, here are a few things I like and don't like:

First of all, it's noticably slower, which surprises me because most people say it's faster for them. IE + Firefox -

Even though it's slower, I still use it for most browsing because attackers spend less time trying to attack it -- concentrating on the bigger fish, which (for now) is IE. IE - Firefox +

I use "Find on this page" in IE a lot, and I don't like the Find box that pops up in the middle of the document and seems to always be in the way. The same function, called "Find in this page" in Firefox, puts the box down in the task pane out of the way. IE - Firefox +

But, IE will let you know when it get to the end of the page, and then you can choose to search Up if you wish to look through it again. Firefox, although you can choose "Find Next" or "Find Previous," …

I think this would be best in the Windows Software forum, so I've moved it accordingly; if anyone thinks it would be better off elsewhere, PM myself, or another moderator, and we'll consider it.

I don't think you can recover the History that has already been deleted, but you can edit the registry so it can no longer be removed. See regedit #101 here:

http://www.kellys-korner-xp.com/xp_tweaks.htm

Be sure to read their instructions and disclaimer at the top of the page before downloading anything.

The only difference was that the signature was not separated by a background, and therefore gave the false illusion that it was part of the post entity, and you were looking at the post.

I like the new format for this reason; more then once I found myself rereading to see where the post ended and the signature began. I don't think it takes the focus away from the post.

I'm glad we finally got everything cleaned out, that was quite a workout!

I thought that having AVG was enough...

Unfortunately, no one program is enough to protect you from everything out there nowadays. In this thread you've seen just a few of the tools we use to remove malware, there are many more for different infections.

To help protect your system, I suggest you get (if you don't already have them):
Ad-Aware SE
SpyBot Search and Destroy
SpywareBlaster
SpywareGaurd
They're all free and help a lot! But don't let yourself be fooled into thinking you're completely protected!

I'm going to mark this thread as solved, but if any problems come back in the near future, PM one of the moderators to reopen it.

If you haven't done so already, have a look through the other forums here, like the Geeks Lounge, there's more to this site than just computer stuff :)

You should run a scan/fix with KAV anti-virus and Microsoft Antispyware; they're currently the only programs we know of which can actually deal with the infection.

That "we" didn't include me because I wasn't aware of this! Thanks Dave!

Well I can't seem to run the Kav program. I disabled McAfee, it says it's disabled, but Kav still says it's running and my computer locks up.

A couple of things you can try... go into msconfig and disable McAfee from there, or, boot into Safe Mode and try running KAV.

You also appear to have a CWS infection.

Download CWShredder from here:

http://www.intermute.com/spysubtract/cwshredder_download.html

Unzip to your desktop, run it, and then:

1. Click "Check For Update"
(If an update isn't available, skip to step 4)

2. Click "Click here to Download the upate"

3. When the new version has been downloaded, click "Save"

4. Click "Fix"

If it asks you to verify any files to be deleted, either do a Google search for it/them or ask us here before deleting.

Then, post a new HJT log

I deleted the file on safe mode, anyways i rebooted and it appeared again..
"Locate.bat" only worked in safe mode as well, still the "Report.txt" only have this: C:\WINDOWS\SYSTEM32\DRIVERS\FASTFATS.SYS

That's most likely the file that's causing problems; I did a Google search for it and found nothing -- most legit files will have some info on them somewhere. If you have any doubts, set a System Restore point before deleting it.

After you delete it, reboot and post another HJT log.

Something else detected...

Download CWShredder from here:

http://www.intermute.com/spysubtract/cwshredder_download.html

Unzip to your desktop, run it, and then:

1. Click "Check For Update"
(If an update isn't available, skip to step 4)

2. Click "Click here to Download the upate"

3. When the new version has been downloaded, click "Save"

4. Click "Fix"

If it asks you to verify any files to be deleted, either do a Google search for it/them or ask us here before deleting.

Then post a new HJT log.

Download CWShredder from here:

http://www.intermute.com/spysubtract/cwshredder_download.html

Unzip to your desktop, run it, and then:

1. Click "Check For Update"
(If an update isn't available, skip to step 4)

2. Click "Click here to Download the upate"

3. When the new version has been downloaded, click "Save"

4. Click "Fix"

If it asks you to verify any files to be deleted, either do a Google search for it/them or ask us here before deleting.

Then post a new HJT log

Download CWShredder from here:

http://www.intermute.com/spysubtract/cwshredder_download.html

Unzip to your desktop, run it, and then:

1. Click "Check For Update"
(If an update isn't available, skip to step 4)

2. Click "Click here to Download the upate"

3. When the new version has been downloaded, click "Save"

4. Click "Fix"

If it asks you to verify any files to be deleted, either do a Google search for it/them or ask us here before deleting.

Scan with HJT and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

Go to C:\WINDOWS and delted systb.dll if found

Then post a new HJT log please

Before you fix anything with hijackthis, please put it into it's own folder. To do this, right-click on your desktop, select New, Folder. Name the new folder as you see fit (something like HJT or HijackThis would be good). After you've named the new folder, drag the hijackthis.exe icon that is on your destop into this new folder.

Follow the suggestions in this thread first, there has been a lot of success with it:
http://www.daniweb.com/techtalkforums/thread19959.html

Go to Windows Update to get the Critical Updates for your system -- SP1a (hold off on SP2 for now)

After you've done that, close all browser windows, scan with HJT, and post a new log please.

I found something else...

Download CWShredder from here:

http://www.intermute.com/spysubtract/cwshredder_download.html

Unzip to your desktop, run it, and then:

1. Click "Check For Update"
(If an update isn't available, skip to step 4)

2. Click "Click here to Download the upate"

3. When the new version has been downloaded, click "Save"

4. Click "Fix"

If it asks you to verify any files to be deleted, either do a Google search for it/them or ask us here before deleting.

Download CWShredder from here:

http://www.intermute.com/spysubtract/cwshredder_download.html

Unzip to your desktop, run it, and then:

1. Click "Check For Update"
(If an update isn't available, skip to step 4)

2. Click "Click here to Download the upate"

3. When the new version has been downloaded, click "Save"

4. Click "Fix"

If it asks you to verify any files to be deleted, either do a Google search for it/them or ask us here before deleting.

Post a new HJT log after running CWShredder

Try using System Restore to return your system to a time before you started having problems; and/or post a HijackThis log in the Virus forum along with a description of your problem.

I have a question... why is the kmvkkr.exe file there when I start in safe mode but when I reboot normally, that file is nowhere to be found?

I'm afraid I can't answer that, but try this to delete it:

Reboot into Safe Mode

Open hijackthis and go to Misc Tools

Click on the Delete a file on reboot... button and paste C:\WINDOWS\system32\kmvkkr.exe into the line. When asked to reboot, do so (in normal mode)

Scan with HJT and have it fix the O1 entries again, then post a new log

Reboot into Safe Mode

Scan with HJT and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\tzqcu.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tzqcu.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\tzqcu.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\tzqcu.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tzqcu.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\tzqcu.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\tzqcu.dll/sp.html#44768
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {1C58A84B-45A2-EFC7-E9A0-8DEC2B4EB4A3} - C:\WINDOWS\crlp32.dll
O4 - HKLM\..\Run: [d3gc32.exe] C:\WINDOWS\d3gc32.exe
O4 - HKLM\..\RunOnce: [ieeb.exe] C:\WINDOWS\ieeb.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipba.exe (file missing)

Go to the following locations and delete the highlighted file:

C:\WINDOWS\crlp32.dll
C:\WINDOWS\d3gc32.exe
C:\WINDOWS\ieeb.exe

Reboot normally

I'd like to suggest another program for you to try, I've found it can find things most other programs can't.

It's called CounterSpy and you can get it from here:

http://www.download.com/3000-8022_4-10337358.html

It has a 15-day free trial which will be plenty of time to get your system cleaned up, or you can purchase it for $20 (US). After you download it, install it; when asked for a registration number, just click next.

Before scanning the first time, make the following adjustments to the settings:

Get IEFix from here:
http://www.majorgeeks.com/download4467.html

And Winsockfix from here:
http://www.digitalminds.net/index.pl/downloads

If there's still no improvement, try Hoster from here:
http://members.aol.com/toadbee/hoster.zip
Run Hoster and press Restore Original Hosts, OK, and Exit Program.
Note that if you have a custom host file, this will remove it. You can edit the host file with this program too.

Reboot

Let us know the results.

To use PM (Private Message) here, click on the users name, and then 'Send a private message to...

Check your email for the fixes.

Have HJT fix this entry:
O19 - User stylesheet: C:\WINDOWS\stsheets.dat

Download and run Locate.zip from http://www.atribune.org/downloads/locate.zip

Unzip it and double click on locate.bat

Post the log here for review.

(Thanks DMR)

Ok, it did the same thing that is has been doing, but after the tenth or so box, it stopped. I don't think that it is fixed, however.

I'm not sure what you mean by this, can you please clarify? Are you having trouble with anything other than MS updates?

What OS are you using? If you PM me your email address, I'll try sending them to you.

Hi Jayboy, welcome to DaniWeb :)

Since a virus is suspected, I've moved this thread to the appropriate forum.

Get HijackThis from here:
http://www.spywareinfo.com/~merijn/

Close all browser windows, 'Scan and Save Log' with hijackthis, copy and paste the log into this thread.

im trying to learn where to post replies and what a thread is and how to use it. please bare with me... Im not sure what quote message in reply means. Help

You're doing all right, the 'quote message' was referring to a quote that was in your post when I first split it, but I've deleted it now so it is no longer there.

Do you have access to another computer where you can download and save those fixes to a disk or usb drive?

Scan with hijackthis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop

Be sure all windows are closed, other than hijackthis, before hitting the Fix button.

Reboot. You'll probably get a message to send an error report, choose either option if you do.

Try going to Windows Update again and let us know what happens.

Close all browser window, scan with HJT, and post a new log please.

That log does indicate some cleaning is necessary, but before you fix anything with hijackthis, it needs to be in it's own folder. To do this, right-click on the desktop, select New, Folder; give the new folder a name of your choosing (something like HJT or HijackThis would be good), and then drag the hijackthis.exe icon that is on the desktop into this new folder.

Now, after you've moved it, close all browser windows, scan with HJT, and post a new log please.

Any of these links will explain how to remove it:

http://vil.mcafeesecurity.com/vil/content/v_100716.htm

http://www.sarc.com/avcenter/venc/data/spyware.loverspy.html

http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453078316

Hi Comp Ilit., welcome to DaniWeb :)

I understand your frustration with malware, but please don't take it out on us, we're here to try and help (your title sounds rather demanding, which may put some people off, preventing you from getting the help you seek).

Before anything else, try the steps in this thread; it's had quite a bit of success:
http://www.daniweb.com/techtalkforums/thread19959-hotoffers.html

You also need to put hijackthis into it's own folder; to do this, right-click on your desktop, select New, Folder. Give the new folder a name of your choosing (something like HJT or HijackThis would be good), and then drag the hijackthis.exe icon that is on your desktop into that new folder.

Whenever you scan with hijackthis, make sure all browser windows are closed.

After following the steps in the above link, close all browser windows, scan with HJT, and post a new log please.

Run LSPFix again
1. Check "I know what I'm doing".
2. One at a time, click on (highlight) each occurance of dolsp.dll, and then click ">>" to move it to the 'Remove' pane.
4. Double-check to make sure that only the above file is in the 'Remove' pane, and that all instances of it have been moved there (four according to the above log).
5. Click "Finish >>"

Reboot into Safe Mode

Scan with HJT and have it fix the following entries:

O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\kmvkkr.exe
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\WINDOWS\system32\shdocvw.dll
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll

Go to the following location and delete the highlighted file or folder:

C:\WINDOWS\system32\kmvkkr.exe
C:\WINDOWS\isrvs

Reboot normally

Close all browser windows, scan with HJT, and post a new log please. I'm afraid some of these may return so I'm going to enlist the help of one of the other moderators here.

Reboot into Safe Mode

With all browser windows closed, scan with HJT and have it fix the following entries:

O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe

Go to the following folders and delete the highlighted file:

C:\WINDOWS\dlmax.dll
C:\WINDOWS\farmmext.exe

Do a search for efbiwte.exe and delete any instances found

Reboot normally, close any open browser windows, scan with HJT, and post a new log please

Also the quote you have in your post ,why is it there is it related to you problem .

Because I split this from another (old) thread :)

But I removed it now so no one will know what we're talking about, lol

(Here's the original if anyone is really interested: http://www.daniweb.com/techtalkforums/thread1053-Re%3A+Internet+Explorer+will+not+download.html)

Hi Southernneonser, welcome to DaniWeb :) I'm sure you'll fit in just fine around here.

I split your post into it's own thread; we ask that all new problems be started in a new thread regardless of how similar it may be to another one.

Your problem could be due to some firewall or other settings, but before going in to that, try these utilities and see if there is any improvement:

Get IEFix from here:
http://www.majorgeeks.com/download4467.html

And Winsockfix from here:
http://www.digitalminds.net/index.pl/downloads

If there's still no improvement, try Hoster from here:
http://members.aol.com/toadbee/hoster.zip
Run Hoster and press Restore Original Hosts, OK, and Exit Program.
Note that if you have a custom host file, this will remove it. You can edit the host file with this program too.

Reboot

Let us know the results.

You probably need to do more to completely get rid of Newdotnet, and will most likely need LSPFix to correct some of the damage it has done.

In order to best figure out what is happening on your system, you should get HijackThis from here:
http://www.spywareinfo.com/~merijn/

Then, close all browser windows, 'Scan and Save Log' with hijack this, copy and paste the log here in this thread.

What you are discribing could be you processor fan getting dirtier and dirtier ,and causing you process to over heat and shutdown !! turn off computer open case and have look , if it looks clean leave the case off and run computer and see if it still freezes ,with the case open it won't get so hot .

Good suggestion! Try that first :)

Have a look at this thread, http://www.daniweb.com/techtalkforums/thread5690.html, and run the free 'online virus scan.'

Get HijackThis from here:
http://www.spywareinfo.com/~merijn/

Close all browser windows, 'Scan and Save Log' with hijackthis, copy the log, and paste it into a new thread in the Virus forum.

You may also find this thread helpful/interesting:
http://www.daniweb.com/techtalkforums/thread16365.html

If you have a Windows 98 boot disk, just boot to that and use fdisk to delete all the partitions, reboot, and then use format.

If you don't have a disk, you can try to get one from someone you know, or from here:
http://www.bootdisk.com/bootdisk.htm

As for the low-level formatting, you can get more info here:
http://www.ariolic.com/activesmart/low-level-format.html