dlh6213 27 Posting Maven Team Colleague

Hello,

I think it is more important to defend yourself from infection, instead of detecting it.

Eliminate Microsoft Outlook, IE Explorer, and Macros, and you have a good solid start on defense. Run behind a firewall that prevents network intrusion and port compromises. Keep up your patches for all of your operating systems.

I run with Eudora for email, and Firefox / Safari for web work. Open Office for word processing and spreadsheets. Any common viruses that hit my Linux box or Macintosh fall harmlessly aside.

I am liking more and more about AVG, and also work with AdAware for the one Windows box in the house.

I have found cases where Norton took a good week to get ahold of a virus that was running around work here.

Christian

Well said!!

And for defense, I would also like to add SpywareBlaster and SpywareGuard.

dlh6213 27 Posting Maven Team Colleague

Sorry this got overlooked for the past few days. I don't see anything bad in your log but you may want to move hijackthis to a permanent folder (like c:\HJT\hijackthis.exe) so it doesn't get deleted accidentally since it's in a temp folder.

Have you defragged lately?

You have a lot of processes running, you may be able to disable some of the ones you don't need running all the time.

As for the popup blocker, I don't think any of them stop everything, but I don't really know which ones are better.

dlh6213 27 Posting Maven Team Colleague

Scan with hijackthis and have it fix the following entries:

O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll

Try winsockfix and see if it fixes the problem:

http://www.digitalminds.net/index.pl/downloads

dlh6213 27 Posting Maven Team Colleague

Back up all your important data, and then read this thread:

http://www.daniweb.com/techtalkforums/thread6632.html

dlh6213 27 Posting Maven Team Colleague

You need to go to Windows Update and get the Critical Updates for your system; hold off on SP2, however, at least until your system is cleaned up.

dlh6213 27 Posting Maven Team Colleague

You need to get IE6 (Internet Explorer 6) and get the Critical Updates for it.

Before fixing anything with HijackThis, you should move it into its own folder; right-click on your desktop, select New, Folder, and name it something like HJT. Then drag the hijackthis.exe icon that is on your desktop into that folder.

After this is done, post a new log please.

dlh6213 27 Posting Maven Team Colleague

thanks for the help

No problem :), did it work?

dlh6213 27 Posting Maven Team Colleague

You still haven't got the Critical Updates for your system; did you do the Housecall scan yet?

For every user account listed under C:\Documents and Settings, delete the entire contents of these folders:
Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire content of
C:\Windows\Temp folder
C:\Temp folder

Do a search for *.tmp and delete everything found

Empty your Recycle Bin

dlh6213 27 Posting Maven Team Colleague

I particularly like the forum-specific unanswered threads :)

dlh6213 27 Posting Maven Team Colleague

Many people say they use Incredimail and have no problems with it. I had it myself and started having trouble after one day, though it may have been a coincidence -- haven't dared try it again :)

Here are a couple of sites that have negative things to say about it, but there are many that praise it as well; probably best to let your friend decide for him/herself.

http://home.earthlink.net/~doniteli/index74.htm
http://www.answersthatwork.com/Tasklist_pages/tasklist_i.htm

dlh6213 27 Posting Maven Team Colleague

What bug are you trying to kick?

Here are a few things you can have hijackthis fix:

R3 - Default URLSearchHook is missing
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Any of these that you did not add to your Trusted Zone yourself have HJT fix as well:

O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)

And if this is not your ISP, fix it too:

O15 - Trusted IP range: 206.161.125.149

Don't worry if any of these O16's are ones you use, they will come back next time you visit the site... it's just easier and quicker to have HJT fix them all:

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/495a6970/enter.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/pr...ctor/WebAAS.cab

Be sure all windows other than hijackthis are closed before hitting the Fix button

After that, scan with HJT and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Before fixing anything with hijackthis, please move it into its own permanent folder (like c:\HJT\hijackthis.exe) so it doesn't get deleted and so the backups it will create don't get deleted either. Right now you have it in a Temp folder. After you've moved it, please post a new log.

dlh6213 27 Posting Maven Team Colleague

I realize this thread is a little old, but apparently it got overlooked. If you still need help with this, please get the latest version of hijackthis and post a new log.

http://www.degs.co.uk/files/hijackthis.exe

dlh6213 27 Posting Maven Team Colleague

I realize this thread is kind of old, but apparently it got overlooked. If you still need help with this, please get the latest version of hijackthis and post a new log.

http://www.degs.co.uk/files/hijackthis.exe

dlh6213 27 Posting Maven Team Colleague

Per post #4:

Go ahead and fix the hijackthis entries noted

Run the free online Housecall scan

Get your Critical Updates for Windows and IE

Try About:Buster again; if it still doesn't work, remove it, download it again, and retry. If successful, post the log.

Post a new HJT log as well

dlh6213 27 Posting Maven Team Colleague

Before fixing anything with hijackthis, please move it into its own permanent folder (like c:\HJT\hijackthis.exe) so it doesn't get deleted and so the backups it will create don't get deleted either. Right now you have it in a Temp folder.

dlh6213 27 Posting Maven Team Colleague

First try System Restore to go back to a time before you had the problem.

Click Start, All Programs, Accessories, System Tools, System Restore

If that doesn't work, try an in-place upgrade (aka repair installation); instructions can be found here:

http://support.microsoft.com/default.aspx?scid=kb;en-us;315341&Product=winxp

dlh6213 27 Posting Maven Team Colleague

Ok, it's in its own folder.

Sorry, I should have asked you to post a new log after you moved it, can you do so now please?

You can go ahead and do this now if you like; go to Add/Remove Programs in your Control Panel and remove WebRebates (or something similar).

Then go to C:\Program Files and delete the Web_Rebates folder

dlh6213 27 Posting Maven Team Colleague

Before fixing anything with hijackthis, please move it into its own permanent folder (like c:\HJT\hijackthis.exe) so it doesn't get deleted and so the backups it will create don't get deleted either. Right now you have it in a Temp folder.

Also, I added a link to my first post that I forgot before; please have a look through that.

dlh6213 27 Posting Maven Team Colleague

Before fixing anything with hijackthis, please move it into its own permanent folder (like c:\HJT\hijackthis.exe) so it doesn't get deleted and so the backups it will create don't get deleted either. Right now you have it in a Temp folder. Please post a new log after you've moved it.

If you like, you can go ahead and do these now:

Go to Add/Remove Programs in your Control Panel and remove (if found):

WeatherBug (or AWS)
Viewpoint

Then remove these highlighted folders:

C:\Program Files\Viewpoint
C:\Program Files\AWS

dlh6213 27 Posting Maven Team Colleague

If you can't get Winsockfix, here are instructions to do it manually:
http://support.microsoft.com/default.aspx?scid=kb;en-us;817571

Note: If you plan to edit the Registry, you should make a backup before making any changes. At the top of the Registry window, click on the Registry menu, click Export Registry File. In the Export range panel, click All, then save your registry as Backup.

dlh6213 27 Posting Maven Team Colleague

As bad as your system sounds, I would recommend reinstalling your Operating System.

If you would prefer to try to fix it, follow the suggestions in this thread and let us know what OS you have:
http://www.daniweb.com/techtalkforums/thread5690.html

Get HijackThis from here:
http://www.degs.co.uk/files/hijackthis.exe

Close all browser windows, scan with hijackthis, save the log, copy and paste it here.

dlh6213 27 Posting Maven Team Colleague

I tried removing this myself by following the instructions. That didn't work. Can someone who knows what they are doing please give me some help regarding this? Thanks.

Cheyenne!

You can get some info and links to get you started here:
http://www.daniweb.com/techtalkforums/thread14624-Home+Search+Assistant.html

Also get HijackThis from here:
http://www.degs.co.uk/files/hijackthis.exe
and post a log after you've run the HSRemove utility

dlh6213 27 Posting Maven Team Colleague

Disable Ad-aware's Ad-watch before making the changes noted in the last post, and leave it disabled until your system is clean.

dlh6213 27 Posting Maven Team Colleague

Hey Catweazle, any idea what causes these things to change on their own? I recently had a similar problem that my son helped me resolve -- had to go to Tools, Internet Options, Accessibility, and under Formatting, I had to uncheck "Ignore colors specified on web pages." I had never even opened this 'Accessibility' area before, let alone make any changes to it!

dlh6213 27 Posting Maven Team Colleague

I should delete all the files that come up on the highjack this scan?

Is it an incomplete log or was everything deleted??? :eek:

dlh6213 27 Posting Maven Team Colleague

Go to Add/Remove Programs and remove (if found):

AproposClient
slmss
ISTsvc

Do a search for New.net. Note its locations for use later in these instructions

Scan with HJT and have it fix the following entries; be sure all windows other than HJT are closed before hitting the Fix button:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\DOCUME~1\LIQUID~1\LOCALS~1\Temp\~compoundinst0\auto_update_loader.exe"
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [zqxkryv] C:\WINDOWS\zqxkryv.exe
O4 - HKLM\..\Run: [yrzbtp] C:\WINDOWS\system32\earmmw.exe
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe

Reboot into Safe Mode and delete the highlighted file or folder (if found):

C:\WINDOWS\Belt.exe
C:\Program Files\Web_Rebates
C:\WINDOWS\System32\bridge.dll
C:\WINDOWS\zqxkryv.exe
C:\WINDOWS\system32\earmmw.exe
C:\WINDOWS\fash.exe
C:\Program Files\Common Files\slmss
C:\WINDOWS\mwsvm.exe
C:\Program Files\ISTsvc

Go to the location noted before and delete the folder New.net is found in

Empty your Recycle Bin

Reboot normally

Follow the instructions here:

http://securityresponse.symantec.com/avcenter/venc/data/spyware.apropos.b.html (don't skip the registry backup part)

Do you know what Ante less itch.exe is for? If not, right-click on it, go to Properties, and give us all the info you …

dlh6213 27 Posting Maven Team Colleague

Please get hijackthis from here:
http://www.spywareinfo.com/~merijn/

Close all browser windows, scan with hijackthis, and post the log here.

dlh6213 27 Posting Maven Team Colleague

...what exactly do u have to look for in these logs to know if there is an issue?

Things that don't belong (like 180ax.exe), then you can use google or other resources to research them
(and find info like http://www.liutilities.com/products/wintaskspro/processlibrary/180ax/)

And of course you need to learn about hijackthis using tutorials such as this one:
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42
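
As an added example (not part of the original post, and not HijackThis's own logic), here is a Python triage pass over pasted log entries that picks out the kinds of lines the helper singles out on this page. The three checks (target file absent, autostart from a Temp folder, Trusted Zone entry to confirm) are assumptions drawn from the advice given here, and the function names are hypothetical.

```python
import re

# Section labels follow the wording of the entries quoted on this page.
SECTIONS = {
    "R0": "IE registry value", "R1": "IE registry value", "R3": "URLSearchHook",
    "O2": "BHO", "O3": "Toolbar", "O4": "Run autostart",
    "O8": "Extra context menu item", "O9": "Extra button",
    "O15": "Trusted Zone", "O16": "DPF",
}
ENTRY = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<detail>.+)$")
RUN = re.compile(r"^\S+: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
ORPHAN = re.compile(r"\((?:file missing|no file)\)")
TEMP = re.compile(r"\\temp\\", re.IGNORECASE)

# Constructed sample: six entries copied from the logs quoted on this page.
SAMPLE = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\Pynix.dll (file missing)
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\DOCUME~1\LIQUID~1\LOCALS~1\Temp\~compoundinst0\auto_update_loader.exe"
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O15 - Trusted Zone: *.awmdabest.com
"""

def parse_log(text):
    """Return one dict per recognised entry line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        entry = {"code": m["code"], "section": SECTIONS.get(m["code"], "other"),
                 "detail": m["detail"], "name": None, "notes": []}
        run = RUN.match(m["detail"]) if m["code"] == "O4" else None
        if run:
            entry["name"] = run["name"]
            if TEMP.search(run["cmd"]):
                entry["notes"].append("autostart runs from a Temp folder")
        if ORPHAN.search(m["detail"]):
            entry["notes"].append("target file is absent")
        if m["code"] == "O15":
            entry["notes"].append("confirm you added this Trusted Zone entry")
        entries.append(entry)
    return entries

def flagged(text):
    """Entries that tripped at least one of the assumed checks."""
    return [e for e in parse_log(text) if e["notes"]]

def names_to_research(text):
    """Every autostart name, flagged or not, to look up by hand."""
    return [e["name"] for e in parse_log(text) if e["name"]]

if __name__ == "__main__":
    for e in flagged(SAMPLE):
        print(e["code"], e["section"], "|", "; ".join(e["notes"]))
    print("Look up:", ", ".join(names_to_research(SAMPLE)))
```

The `slmss` autostart trips none of the checks, which is why every autostart name is still listed for manual research.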

dlh6213 27 Posting Maven Team Colleague

I'm sure there are others, but these are all trusted products:

Ad-aware
GIANT AntiSpyware (now available as Microsoft AntiSpyware)
Pest Patrol
Spybot Search & Destroy
Webroot Spy Sweeper

dlh6213 27 Posting Maven Team Colleague

xoftspy 4.10. i keep it updated

That's okay; versions of Xoftspy prior to 4.0 gave false positives, 4.0 and later are supposed to have corrected that.

dlh6213 27 Posting Maven Team Colleague

Thank you to all! Took a combination of more than one of your advice, but I seem to have finally got rid of it. Hallelujah!

You should post a new log so we can be sure you're all cleaned up :)

dlh6213 27 Posting Maven Team Colleague

What version of Xoftspy do you have?

dlh6213 27 Posting Maven Team Colleague

Go to Add/Remove Programs in your Control Panel and remove the following (if found):

FlashGet
Web_Rebates (or similar)
ISTsvc
DAP

Before fixing anything with HJT, do a search for these, note their location, and let us know in your next post:

itch.exe
auto_update_loader.exe
NewDotNetStartup
DAP

After noting those locations, scan with HJT and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.jietprhcjua.us/aalco6RSZ...ACWIc95vrA.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R3 - Default URLSearchHook is missing
O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\Pynix.dll (file missing)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [yrzbtp] C:\WINDOWS\system32\earmmw.exe
O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\DOCUME~1\LIQUID~1\LOCALS~1\Temp\~compoundinst0\auto_update_loader.exe"
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [zqxkryv] C:\WINDOWS\zqxkryv.exe
O4 - HKLM\..\Run: [HECKBODY] C:\PROGRA~1\PLATFO~1\Ante less itch.exe
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

dlh6213 27 Posting Maven Team Colleague

Follow the advice in BOTH posts :)

Then do this:
Remove Newdotnet, either from Add/Remove programs in your Control Panel, or go here and scroll down to the uninstall tool:
http://www.newdotnet.com/#remove

And there will still be more to do so don't forget to post a new HJT log after you've done all that!

dlh6213 27 Posting Maven Team Colleague

Yeah, what he said :)

Do you have a CD or DVD burner? If so, anything you would like to keep long term should be stored that way.

What size flash drive you get depends on how much you're willing to spend and how much data you intend to put on it. I have a 256MB that I carry around with me, but have never even come close to filling it even half way. I recently purchased a 4GB that I intend to keep near my computer for backups (not connected all the time, only when I want to save something).

dlh6213 27 Posting Maven Team Colleague

The link I gave you in post #14 should have resolved this; here it is again:
http://www.daniweb.com/techtalkforums/thread13362.html

dlh6213 27 Posting Maven Team Colleague

Defrag is safe, it won't destroy your files. Here are a couple of links that explain what it does and how you do it:
http://www.speedupyourcomputer.windowsreinstall.com/part4.htm
http://www.cyberwalker.net/faqs/how-tos/defrag-faq.html

You should probably run ScanDisk too. They will run quicker if you boot into Safe Mode first. If you haven't done it before, they may take several hours to run. If you have more than one drive/partition, you should run them on each one. Just for future reference, the more frequently you run them, the less time it will take. I do mine once or twice a month and it only takes several minutes on each partition. It's also a good idea to run them right before installing any new programs (or Service Packs).

The amount of RAM you have is minimal for most modern games, you should have at least 384MB; as always, the more you have the better off you'll be, get the most you can afford (or that your system will accept).

dlh6213 27 Posting Maven Team Colleague

my comp been acting funny

How is it acting funny?

dlh6213 27 Posting Maven Team Colleague

Please get the latest version of Hijackthis from here (you have an older version now):

http://www.daniweb.com/techtalkforums/thread18768.html

When you get it, make sure you put it in its own folder, like c:\HJT\hijackthis.exe (not directly on your HDD as it is now -- c:\HijackThis.exe)

Then post a new log

dlh6213 27 Posting Maven Team Colleague

Your log looks okay to me now, what problems are you still having?

dlh6213 27 Posting Maven Team Colleague

Also from Safe Mode, delete this file:
C:\WINDOWS\system32\??oolsv.exe<---

dlh6213 27 Posting Maven Team Colleague

I have a Sony CRX230AD CD-R/RW but don't have the drivers. Where can I get them?

Try here:
http://sony.storagesupport.com/cdrw/crx230addwn.htm

dlh6213 27 Posting Maven Team Colleague

Please get the latest version of Hijackthis from here and post a new log:
http://www.merijn.org/files/hijackthis_sfx.exe

dlh6213 27 Posting Maven Team Colleague

Did you do the virus scans and run ScanDisk?