dlh6213 27 Posting Maven Team Colleague

Hi Robbob, welcome to DaniWeb :D

I've split your post into its own thread per forum rules (http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules)

Please follow the recommendations and instructions in the links below to help prevent reinfection during and after the cleanup process, help you do some basic cleanup yourself, and give you some general advice on the use of HijackThis.

When you get to the last one, follow the instructions in Post #6.

If you need help with any of this, please don't hesitate to ask :)

When you're done, post a new HijackThis log, and please include the header information this time (HijackThis version, Operating System, date scanned, etc.).

dlh6213 27 Posting Maven Team Colleague

As grieving time tends to vary from one person to another, it's difficult to say whether Mrs. Sheehan is still grieving or not especially since she has turned the death of her son, Army Spc. Casey Sheehan, into her own political agenda.

Mr. & Mrs. Sheehan have already met with President Bush, in person, last year, a few months after their son's tragic death (http://www.thereporter.com/republished/ci_2923921).

(The meeting took place near where I live and, as would be expected, was big news around here.)

After that meeting, Mrs. Sheehan said, "I now know he's sincere about wanting freedom for the Iraqis," Cindy said after their meeting. "I know he's sorry and feels some pain for our loss. And I know he's a man of faith."

So why is she insisting on another meeting a year later??

I am truly sorry for her loss, but I feel Mr. Sheehan, the rest of their family, and the families of so many others that lost loved ones, are handling their losses in a much more appropriate way than Cindy is.

And Catweazle is right, it is the media that is giving this situation so much unwarranted attention.

dlh6213 27 Posting Maven Team Colleague

Scan with HJT and have it fix:

O2 - BHO: (no name) - {FA93E44F-B026-4E28-89BF-33986035EFAD} - (no file)

Other than that, your log looks clean to me, but please post the Ewido log to make sure.

dlh6213 27 Posting Maven Team Colleague

Your log looks clean to me :)

Try running Disk Defragmenter; this may help your system run a bit faster if you haven't run it for a while.

As far as Startup items, I don't know what you want running on Startup and what you don't. From your log, I would say MS Office, MS Money, and Quicken could be removed from Startup.

Go to www.blackviper.com for a complete rundown on what can and cannot be disabled in Windows.

dlh6213 27 Posting Maven Team Colleague

Hi JGZ, welcome to DaniWeb :D

Please follow the recommendations in the links below to help protect your PC (Windows Update, file-sharing, etc.), basic cleanup advice, and information on the use of HijackThis. Note: please review the Hijackthis advice before running the cleanup procedures (you now have HJT in a temp folder and will lose it if you empty that folder).

After you get your Windows Updates (SP1 or SP 1a, don't get SP2 at this time), move HijackThis to its own permanent folder, and run the cleanup procedures, close any open browser windows, scan with HJT, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Hi Quezl, welcome back :D

Please follow these instructions to remove root.exe:

http://securityresponse.symantec.com/avcenter/venc/data/codered.removal.tool.html

http://securityresponse.symantec.com/avcenter/venc/data/w32.gruel@mm.html

And here for wpa.exe:

http://securityresponse.symantec.com/avcenter/venc/data/w32.esbot.b.html

FireDaemon.EXE is a legitimate program that allows you to run any program as a service. If you didn't install it yourself, it's possible that somebody with malicious intentions installed it to take control of your PC (or to spy on you).

Follow the recommendations and instructions in the links below to help protect your PC (Windows Update), clean your system up a bit, and give you some info on HijackThis.

When you've finished all that, close any open browser windows, scan with HJT, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

I figured cloaker was probably okay in your case. Scan with HJT and have it fix the following entries:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qca7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qca7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qca7.hpwis.com/
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.3.1....s-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.3.1....a-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.3.1....w-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.3.1....o-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.3.2....l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.3.2....r-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.3.2....u-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.3.2....1-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.3.1....p-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.3.1....n-ob-assets.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tec...sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/...bin/AvSniff.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {405BBF5B-2FD8-4614-AC51-D8566F635B94} (SafeWallet Class) - http://idsm.citadelprocessing.com/S...s/WalletCab.CAB
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} …

dlh6213 27 Posting Maven Team Colleague

Still a few more things there to clean up.

Download, update, and then run CounterSpy -- http://www.download.com/CounterSpy/3000-8022_4-10375153.html?tag=lst-0-1

Reboot into Safe Mode.

Do a complete system scan with Ewido, allowing it to clean whatever it finds (note: you will be posting the log from this scan with your next reply).

Scan with HJT and have it fix the following:

O4 - HKLM\..\Run: [uhojqhsf] C:\WINDOWS\uhojqhsf.exe
O4 - HKLM\..\Run: [wviluxwz] C:\WINDOWS\wviluxwz.exe
O4 - HKLM\..\Run: [vmtuner] gglib.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Close any open windows, other than HijackThis, and hit Fix checked.

Go to the following locations and delete the highlighted files:

C:\WINDOWS\uhojqhsf.exe
C:\WINDOWS\wviluxwz.exe

Do a search for gglib.exe and delete any instances found.

Empty your Recycle Bin and reboot normally.

Close any open browser windows, scan with HJT, and post a new log along with the Ewido log.

dlh6213 27 Posting Maven Team Colleague

Her family has also publicly stated that they do not share her views (http://www.drudgereport.com/flashcs.htm) and her husband has now filed for divorce (http://www.thesmokinggun.com/archive/0815051sheehan1.html).

dlh6213 27 Posting Maven Team Colleague

Welcome to DaniWeb, Atharva :D

Hope you enjoy the site!

dlh6213 27 Posting Maven Team Colleague

Hi H-Coll, welcome to DaniWeb :D

I have a few suggestions, some of which are for XP, so if you have a different OS, you need to let us know.

Try an in-place upgrade (aka repair installation); instructions can be found here:

http://support.microsoft.com/default.aspx?scid=kb;en-us;315341&Product=winxp

Try these suggestions as well to possibly correct the connection problem:

WinsockXPFix -- http://www.stevewolfonline.com/Downloads/DMR/Spyware%20Tools/WinsockXPFix/WinsockXPFix.exe

IEFix -- http://windowsxp.mvps.org/IEFIX.htm

Have you checked your firewall settings to see if anything there could be blocking some sites?

You can also try another browser to help determine if the problem is with IE or not. You can get Firefox from here:
http://www.mozilla.org/products/firefox/

And finally, try the suggestions in the links below to see if anything helps.

dlh6213 27 Posting Maven Team Colleague

ne tips would be great

I'm not sure what kind of tips you're looking for, but here's a link to installing XP:
http://www.daniweb.com/techtalkforums/thread6632.html

dlh6213 27 Posting Maven Team Colleague

Hi Cherryl, welcome to DaniWeb :D

Please follow the suggestions and instructions in the links below to help prevent reinfections, start the cleanup process, and to find out a bit about HijackThis (like putting it in its own permanent folder).

When you've completed that, and moved HJT, please post a new log.

Since you have an HP printer, cloaker.exe is probably a legitimate file. But to make sure, you can locate the file, right-click on it, select Properties, and give us whatever info comes up (like Company, version, etc.).

dlh6213 27 Posting Maven Team Colleague

Also, go to Windows Update and get SP1 (or SP1a) for both XP and IE (note: do not get SP2 at this time).

dlh6213 27 Posting Maven Team Colleague

Glad to hear it worked, but you should still post a new HJT log and an Ewido log to be sure your system is clean :)

dlh6213 27 Posting Maven Team Colleague

Hi Malacoda, welcome to DaniWeb :D

Please follow the recommendations and instructions in the links below to help protect your PC, and start the cleanup process.

When you get to the third one, go to post #6 and follow the instructions there.

After you've done that, please post a new HijackThis log along with the Ewido log.

dlh6213 27 Posting Maven Team Colleague

This link -- http://www.microsoft.com/windowsxp/homeusers/articles/5tips.mspx -- will show how to:

Stretch the taskbar

Add special characters

Open files with one click

Change your pointer scheme

Change the power button

dlh6213 27 Posting Maven Team Colleague

Hi Technoob,

You've posted the wrong information from HijackThis. You should have a hijackthis.exe icon on your desktop; double-click on this icon to open HijackThis. Then click on the button that says Scan and Save Log. Notepad should open up with the scan results; copy the entire contents of this log and paste it here in this thread.

You should also have a look through the links below for some helpful advice :)

dlh6213 27 Posting Maven Team Colleague

Glad you got it figured out, and thanks for letting us know what the problem was, it may help someone else out :)

dlh6213 27 Posting Maven Team Colleague

Try using System Restore to return your system to a time before you started having problems with it shutting down.

Then see if you can scan with Ewido in Safe Mode.

Post a new HJT log, and the Ewido log if you were able to get one.

dlh6213 27 Posting Maven Team Colleague

Your computer may have come with the OS on a hidden partition; you should have instructions, either on the computer or with the documentation that came with it, on how to create a bootable CD from there.

dlh6213 27 Posting Maven Team Colleague

LimeWire was probably the cause of your problem; I suggest you remove it.

I don't have time to analyze your log right now, but if you follow the suggestions and instructions in the links below, you can get your log cleaned up a bit yourself.

Post a new log when you're done and someone will be along to assist you ASAP.

dlh6213 27 Posting Maven Team Colleague

Personally, I wouldn't consider that a 'newbie' type question.

This may help you some:
http://dept-info.labri.u-bordeaux.fr/~strandh/Teaching/AMP/Common/Strandh-Tutorial/Dir.html

And here is a list of some other sites:
http://www.intelligentedu.com/newly_researched_free_training/Hardware.html

dlh6213 27 Posting Maven Team Colleague

Let's see if I can clarify this...

A controller is a device (hardware), that controls the transfer of data from the computer to another device (printer, monitor, etc.). A controller does not translate information.

A driver is a program (software), and translates information between hardware (devices) and software (programs). A driver does not control the transfer of data.

Since a controller is a device, it requires drivers, just like any other hardware, to translate between it and the program that uses it.

Does that help or just muddy it up some more? :)

dlh6213 27 Posting Maven Team Colleague

hey guys.. i was wondering what is the best program to get to fight against spyware, adware, and trojans... thanks for looking.

No one program can catch everything, you need an 'arsenal' of tools to fight the battle. Check the 'Protection' link below for some advice.

dlh6213 27 Posting Maven Team Colleague

Hi Diabloangelo, welcome to DaniWeb :D

Please follow the suggestions and instructions in the links below to help prevent reinfections (don't skip the Windows Updates), start the cleanup process, and to find out a bit about HijackThis.

Then, in the third link, follow the instructions in post #4 (HotOffers Removal).

When you do a scan with HijackThis, have it fix all of the O15 entries.

When you've completed all that, please post a new log.

dlh6213 27 Posting Maven Team Colleague

Hi Shlag, welcome to DaniWeb :D

If OS is XP, try an in-place upgrade (aka repair installation); instructions can be found here:

http://support.microsoft.com/default.aspx?scid=kb;en-us;315341&Product=winxp

Then try using System Restore.

dlh6213 27 Posting Maven Team Colleague

This could be caused by overheating, have you checked inside for dust lately? And check to see if the fans are operating properly? Be sure to guard against damage via static electricity when working inside the case!

Another possibility is bad RAM; have you added any RAM recently? If so, it may be incompatible. If you haven't, there is a possibility your RAM has gone bad.

dlh6213 27 Posting Maven Team Colleague

You can try an in-place upgrade (aka repair installation) for XP; instructions can be found here:

http://support.microsoft.com/default.aspx?scid=kb;en-us;315341&Product=winxp

dlh6213 27 Posting Maven Team Colleague

This appears to be a worm spread via file-sharing (P2P). Follow the instructions here to remove it:

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100342

Then try downloading HijackThis again:

http://www.malwareremoval.com/downloads.html

(Oops, sorry crunchie, we did it again :o )

dlh6213 27 Posting Maven Team Colleague

Hi ets, welcome to DaniWeb :D

You have some problems that may or may not be the cause of your problem; please follow the suggestions and instructions in the links below to help prevent reinfections, start the cleanup process, and to find out a bit about HijackThis.

Try these suggestions as well to possibly correct the specific problem you mentioned:

WinsockXPFix -- http://www.stevewolfonline.com/Downloads/DMR/Spyware%20Tools/WinsockXPFix/WinsockXPFix.exe

IEFix -- http://windowsxp.mvps.org/IEFIX.htm

Have you checked your firewall settings to see if anything there could be blocking some sites?

You can also try another browser to help determine if the problem is with IE or not. You can get Firefox from here:
http://www.mozilla.org/products/firefox/

When you've completed all that, and moved HJT, please post a new log along with the current status of your PC.

dlh6213 27 Posting Maven Team Colleague

Hi Fredric, welcome to DaniWeb :D

I'm not among them, but there are many programmers here; I'm sure you will be able to learn and, perhaps, help others :)

Enjoy!

dlh6213 27 Posting Maven Team Colleague

Reinstalling XP that often shouldn't really be necessary.

To reactivate, you should just need to call Microsoft.

Here's a site with some good info:
http://www.pcbuyerbeware.co.uk/ProductActivation.htm

dlh6213 27 Posting Maven Team Colleague

Hi Missinglink, welcome to DaniWeb :D

I'd suggest trying it again, but read this thread first:
http://www.daniweb.com/techtalkforums/thread6632.html

dlh6213 27 Posting Maven Team Colleague

Hi Tuloula, welcome to DaniWeb :D

Sorry for the delay in responding to this; if you're still having problems, please follow the suggestions in the links below and then post a new HijackThis log.

dlh6213 27 Posting Maven Team Colleague

Hi Picasso, welcome to DaniWeb :D

Sorry for the delay in responding to this; if you're still having problems, please follow the suggestions in the links below and then post a new HijackThis log.

dlh6213 27 Posting Maven Team Colleague

Aside from the legal aspects of file-sharing, it is a common method of spreading malware; I suggest you remove Ares.

Update your Norton Antivirus program.

Download Ewido Security Suite from here:
http://fileforum.betanews.com/detail/ewido_security_suite/1098736486/1

Install and update it, and then close the program (don't scan yet).

Reboot into Safe Mode.

Do full system scans with Norton (first) and Ewido, allowing them to fix whatever they find (note, you will be posting the log from the Ewido scan with your next reply).

Still in Safe Mode, scan with HijackThis and have it fix the following entries:

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O23 - Service: hpdj - HP - C:\DOCUME~1\Nadia\LOCALS~1\Temp\hpdj.exe

Close any open windows, other than HijackThis, and hit Fix checked.

Go to C:\Documents and Settings\Nadia\Local Settings\Temp and delete the entire contents of the folder (but not the folder itself).

Empty your Recycle Bin and reboot normally.

Close any open browser windows, scan with HijackThis, and post a new log along with the Ewido log.

dlh6213 27 Posting Maven Team Colleague

Hi Tobes, welcome to DaniWeb :D

To find out more about the file, go to the file itself, right-click on it, choose Properties, and get whatever info you can on it (Company, Version, date created, etc.); include this information with your next reply.

Follow the recommendations and instructions in the links below to help protect your PC, and start the cleanup process.

After you've done that, please post a HijackThis log in this thread for further instructions.

By the way, this problem has been brought up before, but the user never posted again after the initial post -- http://www.daniweb.com/techtalkforums/showthread.php?t=23328&highlight=rnappp6.exe

dlh6213 27 Posting Maven Team Colleague

Can you still give people good rep? I would like to do so with the both of you if possible :) Let me know how if we can.

Just click on the little 'scales' symbol next to the post number.

dlh6213 27 Posting Maven Team Colleague

Kaspersky is good, and fast, but I think you would be more satisfied with Nod32; it detects more viruses than most others. Here is a comparison of just about every AV program there is to help you decide:

http://www.virusbtn.com/library/files/4pg_reprint.pdf

dlh6213 27 Posting Maven Team Colleague

Instructions for Crunchie's suggestion can be found here:

http://support.microsoft.com/default.aspx?scid=kb;en-us;315341&Product=winxp

dlh6213 27 Posting Maven Team Colleague

muchas gracias amigo...that's what I like to hear :cheesy:

No problemo :)

dlh6213 27 Posting Maven Team Colleague

Hi Joey, welcome to DaniWeb :D

I only see a couple of minor problems in your log; please review this thread for a proper location for HijackThis:

http://www.daniweb.com/techtalkforums/thread28196.html

While you're there, check out the instructions for (no name)/(no file) and O16 entries.

When you're done, reboot, close any open browser windows, scan with HJT, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Please follow the instructions in post #6 of this thread:
http://www.daniweb.com/techtalkforums/thread28196.html

Scan with HijackThis and have it fix the following entries:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - Default URLSearchHook is missing

Go to C:\WINDOWS\system32 and delete WINNET.dll (if it can't be deleted, try booting into Safe Mode first).

Reboot, scan with HJT, and post a new log please. The log from your Ewido scan could be helpful as well.

dlh6213 27 Posting Maven Team Colleague

I agree with Janine, your log looks clean to me too, but as long as you have HijackThis in a temporary folder, you risk accidentally deleting it.

Please follow the recommendations in the links below to help protect, keep your PC clean, and tips on HijackThis use (including a safe location for it :) ).

dlh6213 27 Posting Maven Team Colleague

Multiple instances of scvhost.exe running is normal and does not indicate a problem :)

dlh6213 27 Posting Maven Team Colleague

What was the problem? Your solution may help someone else with a similar problem :)

dlh6213 27 Posting Maven Team Colleague

Your latest HJT log shows a file-sharing program (emule) that wasn't there before. Aside from the legal aspects of file-sharing, it is a very popular way for malware to be distributed; I suggest you remove it.

Did you ever verify if these IP addresses are related to your ISP? This entry seems to come and go from your logs:
O17 - HKLM\System\CCS\Services\Tcpip\..\{F976B9A0-114F-409C-B79D-208F23A38C34}: NameServer = 62.36.225.150 62.37.228.20

Scan with HJT and have it fix this entry:

O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)

Remember to close any open windows before hitting Fix checked.

Go to C:\WINDOWS\System32 and delete hwclock.exe
Then go to C:\Documents and Settings\Santiboy and empty the Cookies folder (do not delete the folder itself).

Open Firefox and go to Tools, Options, and then click on Privacy (padlock icon on the left); click on the Clear All button.

Download, install, update, and run the following utilities:

CWShredder -- http://www.intermute.com/spysubtract/cwshredder_download.html

CCleaner -- http://www.filehippo.com/download/lixhbccfafpilfwflhddbjzbwcxefhrh/download.html

Update your Norton AV and do a full system scan, allowing it to fix whatever it finds.

Reboot, close any open browser windows, scan with HJT, and post a new log... And let us know if you're still having any problems.

Follow the suggestions in the links below for additional protection and clean up advice.

dlh6213 27 Posting Maven Team Colleague

Yea, the actual viewing area of my 22" is 20"...I feel I have gotten robbed 2" oh well, it still looks great.

I heard TV's do not make good computer monitors, never tried it, can, just never wanted to.

So your 22" CRT has one more inch of viewable area than my 19" LCD, shall we compare desk space, portability, or power usage :)

TV's as monitors... reminds me of my old Commodore128 :)