Posts by dlh6213

I don't think you should give up yet, the suggestions given worked in this thread:
http://www.daniweb.com/techtalkforums/thread16951-Admilli+Service.html

But if it didn't work for you, there are other things that can be tried. Did you try uninstalling from Safe Mode? If you want to continue trying, please post a new HJT log.

If you would prefer to reinstall Windows, here are complete instructions:
http://www.daniweb.com/techtalkforums/thread6632.html

If you have a CD (or DVD) burner, you can do that; floppies will work too, but may take several depending on how much data you have to store. What I prefer these days is a USB flash drive, they're inexpensive and can hold a lot of information!

These links may help some as well:

http://support.microsoft.com/?scid=kb;EN-US;Q319230

http://startup.iamnotageek.com/srch-GETRIGHT.EXE.html

Have you defragmented lately?

How much RAM do you have?

How to repair Windows XP:

http://support.microsoft.com/default.aspx?scid=kb;en-us;315341&Product=winxp

Before you edit the registry, you should make a backup. At the top of the Registry window, click on the Registry menu, click Export Registry File. In the Export range panel, click All, then save your registry as Backup.

Make the changes you want, then exit the Registry Editor.

Tap (repeatedly) the F8 key while the computer is starting up to get into Safe Mode

Try winsockfix from here:
http://www.digitalminds.net/index.pl/downloads

If it still doesn't work, go to Start, Run, and type in cmd, click OK. Type in ipconfig/all and post all the information that comes up.

Try this:

Reboot into Safe Mode again

Go to Add/Remove Programs and try removing Admilli Service

Go to C:\Program Files and delete the Admilli Service folder

Still in Safe Mode, scan with HJT again and have it fix:

O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe

Reboot normally, be sure all browser windows are closed, scan with HJT again, and post a new log

Can't boot into Safe Mode? Here's a thread that should help:

http://www.daniweb.com/techtalkforums/thread17368-boot.ini.html

If you had a bad ground/earth, I think you would have problems all the time, not just booting up.

Have you checked in the Device Manager to see if there are any problems there?

Are you having trouble with just an initial boot (after the computer has been turned off), or with a reboot as well?

Have you run ScanDisk lately? It would be best to run it in Safe Mode, but if you have trouble rebooting, it may not be the best way for you.

It is safe to delete everything in temporary folders. Things that you use, like Adobe, will come back next time you use the program, but are only needed while the program is running.

There are some files and folders that are hidden for safety, but you need to be able to see the ones crunchie told you about in order to clean them out, so, yes, it is safe to do that. After you've cleaned the folders, you may wish to reset to 'hidden.'

Hijackthis should be put into it's own permanent folder (like c:\HJT\hijackthis.exe) so that it and the backups it will create don't get accidentally deleted from the Temp folder it is in now.

You may need to boot into Safe Mode to do the System Restore.

You might find this thread relative to your situation:
http://www.daniweb.com/techtalkforums/thread16365.html

Looks like you went ahead and fixed a few things on your own there :)

Looks good to me, let us know if you have any more problems

G'Day people, I was directed to this site by a friend who wanted to help with my desktop computer problems.

Must have been a good friend :)

Also if anyone knows where I can get a gramaphone repaired and 78 record to play on it let me know..Thanks!

Where are you located? This may help: http://www.bairnsdaleclocks.com.au/repairs.php

My name is Gordon. I used to live on the Upper West Side of New York but I moved to West Seattle. I missed out on two feet of snow, oh my!

I found this site through a client of mine. I need all the help I can get with web development, since it seems that as soon as you know something it changes completely and you are back to knowing nothing.

Hey, you moved from Dani's neighborhood to mine :) Welcome to DaniWeb, and welcome to Washington!

See if posts #25 or #28 in this thread help:

http://www.daniweb.com/techtalkforums/showthread.php?t=10031&page=2&pp=15

hey guys you have to help me , this is very important.
I dont know how suddenly my "folder options" tab inside the "tools" dropdown is gone missing.Not just "folder options" but all the standard options of "Tools" are missing, instead i see options like "Map N/w drive...", "Disconnect n/w drive..." and "Synchronize..."
Please help me, i have my very important files that were made hidden!!

What OS do you have?

There's a link to a free antivirus program here:

http://www.daniweb.com/techtalkforums/thread5690.html

Get it! :)

Okay, Windows Me is your OS; you can right-click on the "My Computer" icon, and then click on Properties, click on the General tab and it should show what Service Pack you have. But I was just asking because SP2 (XP) has a popup blocker in it, since you don't have that, a popup blocker may be a good idea.

I'm not that familiar with all the popup blockers available, before you start using one, I would suggest you ask for recommendations in the Software forum.

Go to Add/Remove Programs in your Control Panel and remove (if found):

Admilli Service
Windows AdControl

Scan with hijackthis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~3.DLL (file missing)
O2 - BHO: (no name) - {4D568F0F-8AC9-40AB-88B7-415134C78777} - (no file)
O3 - Toolbar: (no name) - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [fxdqiwnni] C:\WINDOWS\System32\hnqidaiu.exe
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\update.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - http://download.cnn.com/cult3d/cult.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/22123a24654dec...ip/RdxIE601.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download....ctl_0_0_0_1.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://www.crazymates.com/ege/download/trial/setup.exe
…

Remember to close all browser windows when scanning with hijackthis (you had IE and Mozilla open when you did that scan).

Do you have any idea what this is?
C:\Documents and Settings\Brian\Application Data\bf????.exe <---

I strongly suspect it's not good; if you're not sure, find it, right-click on it, go to Properties, and post all the info on it you can find.

Scan with HJT and have it fix the following entries:

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [starter] scvhosting.exe
O4 - HKLM\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\qnjtji.exe
O4 - HKLM\..\RunServices: [starter] scvhosting.exe
O4 - HKLM\..\RunServices: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunOnce: [starter] scvhosting.exe
O4 - HKLM\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKCU\..\Run: [Lptdibpi] C:\WINDOWS\System32\m?iexec.exe
O4 - HKCU\..\Run: [starter] scvhosting.exe
O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\RunOnce: [starter] scvhosting.exe
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 213.159.117.133
O15 - Trusted IP range: (HKLM)

Close all windows other then hijackthis before hitting the Fix button

Reboot into Safe Mode

Go to the indicated folder and delete the highlighted files:
C:\WINDOWS\System32\qnjtji.exe
C:\WINDOWS\System32\dktime.exe
C:\WINDOWS\System32\m?iexec.exe

Do a search for, and delete any instances found of:
videosd32.exe
scvhosting.exe

Reboot …

Try running ScanDisk (and DiskDefrag) from Safe Mode.

You can get all the protection you need by following the advice, and getting the tools, suggested here:

http://www.daniweb.com/techtalkforums/thread16365.html

http://www.daniweb.com/techtalkforums/thread5690.html

http://subratam.org/?page=software

If you do the things suggested, one popup blocker should be adequate. In most cases I don't think there will be a problem running more than one, but there may be conflicts with some.

Here is one review of AdSubtract:

http://computercops.biz/reviews-134.html

What OS and Service Pack (SP) do you have? Is it XP with SP2?

As long as you use file sharing programs (aka P2P) such as BearShare, you're likely to encounter problems such as the ones you now have.

You need to go to Windows Update to get the Critical Updates for your system. Hold off on SP2, however, until your system gets cleaned up. These updates may have prevented some of your problems. You now have the updates for IE, but you still need the updates for XP.

You have several problems here:

First of all, as long as you use file sharing programs (aka P2P) such as Kazaa, you're likely to encounter problems such as the ones you now have.

Second, you need to go to Windows Update to get the Critical Updates for your system. Hold off on SP2, however, until your system gets cleaned up. These updates may have prevented some of your problems.

Third, you have hijackthis in a temp folder, it needs to be in it's own permanent folder so it, and it's backups, don't get deleted during the cleanup process.

It sounds like your browser has been hijacked; get Hijackthis from here:

http://www.merijn.org/files/hijackthis_sfx.exe

Close all browser windows, scan with hijackthis, save the log, copy and paste it here in this thread.

USB is a rectangular plug, PS/2 is the small round connector (mini-DIN); this picture shows an adapter with a USB connector on one end and PS/2 connectors on the other (one for keyboard, one for mouse): http://www.ebusinesscables.com/images/394966.jpg

The "D" shaped connector is a serial port (DB-9); here's a picture of a male DB-9 on one end and a USB on the other end: http://www.coolgear.com/images/usb-serial-prolicif-chipset.jpg

A quick question, I had assumed you were using PS/2 connections since these are most common, but that may have been an incorrect assumption, what type are you using?

If you are using the PS/2 type, are you sure you have them connected to the proper ports (mouse-to-mouse and keyboard-to-keyboard)? It does make a difference. (Make sure the computer is off before connecting or disconnecting the mouse or keyboard.)

It may also help to know what OS you are using.

You may have a faulty PS/2 bus or controller; you can try a USB mouse or keyboard to see if it will help.

You should also follow the suggestions in this thread:

http://www.daniweb.com/techtalkforums/thread5690.html

Then get HijackThis from here:

http://www.merijn.org/files/hijackthis_sfx.exe

Close all browser windows, scan with hijackthis, save the log, copy and past it here in this thread.

This should help, if you still have questions, feel free to ask:

http://www.daniweb.com/techtalkforums/thread6632.html

You also need to go to Windows Update to get the Critical Updates for your system.

[UserFaultCheck] %systemroot%\system32\dumprep 0 -u should be gone after your next reboot, or it can safely be fixed with Hijackthis. More info on this here: http://forums.techguy.org/showthread.php?t=151574

I don't see any problems in your HJT or Norton logs, but you need to wait for someone else to review your Silent Runners log as I'm not familiar with it.

I would suggest you avoid using Internet Explorer until you get your updates installed.

I'd wait for some advice from crunchie or DMR on the Mirc.exe (unless you've done something with it already?); other than that, your log looks clean to me, are you still having trouble with the backdoor thing?

Mirc.exe (Found trojan file: F:\Program Files\Kickchat$cript[2.0]\Mirc.exe (Csr.100) )
is a legit file, but could be infected (I don't think it should have that Csr.100 with it); not sure what to do about that one other than to delete and reinstall it:

http://startup.iamnotageek.com/srch-mirc.exe.html

http://www.liutilities.com/products/wintaskspro/processlibrary/mirc/

http://www.anti-spy.info/process/mirc.exe.html

See this thread for the trojan found on your "C" drive:

http://www.daniweb.com/techtalkforums/thread13362.html

Oh, and you should still follow the recommendations in my previous post, those same entries were found by Trojan Hunter

You should also run ScanDisk, instructions can be found here:

http://www.putergeek.com/scandisk_defrag/index.shtml

If this and Caperjack's suggestion don't resolve the issue, you may need to remove and reinstall SpywareBlaster.

Also, one of the stickies at the top of this forum has a link to the latest, self extracting version of hijackthis. Install that one and try again.

Yes, the version of hijackthis you were running is an older one anyway; you should remove that and get this one as crunchie suggested:

http://www.merijn.org/files/hijackthis_sfx.exe

If you still have a problem, try running it in Safe Mode

You also need to go to Windows Update to get the Critical Updates for your system to help prevent this type of thing. Hold off on SP2, however, at least until your system gets cleaned up.

Before fixing anything with hijackthis, you need to put it in it's own permanent folder, like c:\HJT\hijackthis.exe (you now have it in a Temp folder where it may be deleted). If you have trouble moving it, remove the one you have and get this one that should put itself into your Programs folder:

http://www.merijn.org/files/hijackthis_sfx.exe

As long as you use file sharing programs (aka P2P) such as KaZaA, you are likely to encounter problems such as the ones you have. It is best to go to Add/Remove Programs in your Control Panel and remove KaZaA, and then run KazaaBegone as Caperjack suggested.

Here's some info on isass.exe:
http://www.liutilities.com/products/wintaskspro/processlibrary/isass/

Make sure it's gone:

Reboot into Safe Mode

Open Windows Explorer, go to Tools, and in the Folder Options, select "Show hidden files and folders," and uncheck "Hide protected operating system files."

Delete this highlighted file (if found):

C:\WINDOWS\system32\isass.exe

Reboot normally

Close all browser windows, scan with HJT, and have it fix the following entries:

F2 - REG:system.ini: Shell=Explorer.exe winsock.scr
O4 - HKLM\..\Run: [F:\WINDOWS\System32\ope6A1.exe ] F:\WINDOWS\System32\ope6A1.exe
O4 - HKLM\..\Run: [WinDSNX] F:\WINDOWS\System32\ope6B4.exe
O4 - HKLM\..\Run: [F:\WINDOWS\System32\ope6AA.exe ] F:\WINDOWS\System32\ope6AA.exe
O4 - HKLM\..\Run: [F:\WINDOWS\System32\ope6B3.exe ] F:\WINDOWS\System32\ope6B3.exe
O4 - HKLM\..\Run: [dxset.exe] F:\WINDOWS\dxsetu.exe

Reboot into Safe Mode

Delete the highlighted files in these locations:

F:\WINDOWS\System32\ope6A1.exe
F:\WINDOWS\System32\ope6B4.exe
F:\WINDOWS\System32\ope6AA.exe
F:\WINDOWS\System32\ope6B3.exe
F:\WINDOWS\dxsetu.exe

Open Windows Explorer, go to Tools, and in the Folder Options, select "Show hidden files and folders," and uncheck "Hide protected operating system files."

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

Cookies
History
Local Settings\Temp
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

Empty your Recycle Bin.

Reboot normally, close all browser windows, scan with HJT, and post a new log please. (Let us know if you still have the problem too)

So I did what was recommended and both Adaware and Norton (along with the Panda and TrendMicro) scams all come up clean.

Thank you so much for your help!

Where's the hijackthis log? There may be problems hiding...

By the way, Spybot and Ad-Aware perform similar functions, but have different data bases so it is best to have both. The latest version of Ad-Aware is SE (not 6.0 as you mentioned).

You have hijackthis in a Temp folder; before posting a new log please move it to a permanent folder (like c:\HJT\hijackthis.exe). If you have trouble doing this, you can remove the one you have and get this one that should automatically put itself in your Programs folder:

http://www.merijn.org/files/hijackthis_sfx.exe

tell me what a fresh start is
remember i am not very exper with computers

Not a fresh start, a refresh install (aka in-place upgrade, repair installation, or reinstallation). It is used to repair problems with Windows such as the one you're having. A description and complete instructions are in the link Catweazle gave (http://support.microsoft.com/default.aspx?scid=kb;en-us;315341&Product=winxp)

You should not run more then one software firewall as it may cause problems. It is, however, advisable to have both hardware and software firewalls. Setting up the firewall in your router, and the one in SP2, should offer you optimum protection (but don't be fooled into thinking you are fully protected, nothing can do that!).

Here are a couple of related topics:

http://www.daniweb.com/techtalkforums/thread17527.html

http://www.daniweb.com/techtalkforums/thread16365.html

Can you please post new HJT and Silent Runners logs?

I don't know if you need the file you accidently deleted, but you can probably copy from your XP CD... or your update CD, when you get it, may have it.

How about warning those who have happily been using BASIC for decades that this "Fix" is TERMINAL DEATH for all the thousands of basic progs they may have written!
And once installed it cannot be uninstalled!

A warning, of sorts, is here, in post #39.

Instructions for uninstalling it are in here as well, see post #13.

I ran in safe mode and answered "no" to three surprise questions about merging things into the registry.

What were the questions and why did you answer "no"?