Posts by DMR

By default, Easy CD Creator uses the Windows TEMP folder to store copies of the music files IIRC. You should be able to find exactly how and where your particular install of Easy CD Creator is storing the files by having a look through the program's preferences/options settings.

Which exact version of Knoppix? Depending on the version, it may or may not have built-in support for your particular NIC and sound card.

There are some Windows updates which are incompatible with certain system configurations, and will cause that exact behaviour if the updates are installed. Unfortunately, if you installed 32 updates, it will a bear to figure out exactly which one is the culprit. :(

First of all- can you boot the computer into Safe Mode, or will it not even do that?

To get in to Safe Mode:

Reboot your computer, and then repeatedly hit F8 while it's booting up. A menu will be displayed which will give you several options. Select Safe Mode, and press Enter.

Hi JenEWoman, welcome to DaniWeb :)

The way your post is worded, it sounds like you're associating the LOP infection with the installation of the Yahoo toolbar. Just to clarify: the Yahoo toolbar does not infect you with LOP.

1) Please do the following so that we can get a better idea of just what is going on:

Download the (free) HijackThis utility:

http://www.stevewolfonline.com/Downloads/DMR/Spyware%20Tools/HJT/HijackThis.exe

Once downloaded, follow these instructions to install and run the program:

Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...".
Save the log in the folder you created for HijackThis; the saved file will be named "hijackthis.log". Open the log file with Windows Notepad, and cut-n-paste the entire contents of the Notepad file here.

The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the log we can tell you what to do from there.

Hi carly_sue, welcome to DaniWeb :)

To begin with, please do the following:

Download the (free) HijackThis utility:

http://www.stevewolfonline.com/Downloads/DMR/Spyware%20Tools/HJT/HijackThis.exe

Once downloaded, follow these instructions to install and run the program:

Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...".
Save the log in the folder you created for HijackThis; the saved file will be named "hijackthis.log". Open the log file with Windows Notepad, and cut-n-paste the entire contents of the Notepad file here.

The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the log we can tell you what to do from there.

Sorry for the delayed response-

I see that you've worked over the spyware issues and a couple of other suggestions in your thread at AumHa, so I won't have you repeat any of that here.

Question: is there any specific/detailed information in the page fault error? Please post the full and exact text of the details if they exist.

Your log indicates more than just the about:Blank infection. Please do the following:

You will need to disconnect from the Internet for some of the following, so you'll need to print out the following instructions, or save them into a text file with Notepad.

1. Download and run these specific about:blank/Home Search/etc. removal tools (before scanning/fixing with about:buster and CWShredder, use their online update features to make sure you have the most current updates installed):

CWShredder - http://www.intermute.com/spysubtrac...r_download.html
about:Buster - http://www.majorgeeks.com/AboutBuster_d4289.html
HSRemove - http://www.majorgeeks.com/HSRemove_d4286.html
Sp.html-Se.dll Hijack Fix - http://www.majorgeeks.com/Sp.html-S...00XP_d4617.html

2. Run at least two or three of the following online anti-virus/anti-spyware scans and let them fix what they can:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.pandasoftware.com/active...n_principal.htm
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php

3. Download, install, and run the following detection and removal tools (use each program's online update function before running them to make sure you have the most current updates installed).

After each utility completes its fixes, reboot before continuing on to the next utility; have the utilities fix all of the problematic/malicious items they find:

Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en
ewido Security Suite - http://www.ewido.net/en/download/
Ad Aware SE Personal - http://www.lavasoftusa.com/
SpyBot Search & Destroy - http://www.safer-networking.org/

4. Reboot into safe mode (you get …

I see at least a couple of malicious components in your log.
Just deleting those entries with HijackThis won't remove all pieces of the infection(s) though, so please do the following:

1. Run at least two or three of the following online anti-virus/anti-spyware scans and let them fix what they can:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.pandasoftware.com/active...n_principal.htm
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php

2. Download, install, and run the following two detection and removal tools (use each program's online update function before running them to make sure you have the most current updates installed).

After each utility completes its fixes, reboot before continuing on to the next utility; have the utilities fix all of the problematic/malicious items they find:

ewido Security Suite - http://www.ewido.net/en/download/
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en

Note: If you initially receive a warning message from ewido saying "Database not found" when you first run the program, just click "OK" for this. Next- in the main screen, click "Update" and click "Start Update". After the update completes, run the full system scan.

3. Once you've done the above, run HijackThis again and post the new log. Also post the scan report log that ewido generated.

There are no signs of About:Blank (or any "nasties", for that matter) in your log. Do you have any reason to suspect that you may still be infected?

After updating and installing service pack 2 for Windows XP my Kaspersky anti virus program just won´t work anymore. Why?

Upgrading to Service Pack 2 breaks versions 4.5 and 5.0 of KAV; it's a documented issue.

Try downloading the latest version of KAV from Kaspersy's web site.

Those could certainly be signs of a virus, spyware, etc.

Please do the following to give us a better idea of what (if any) "unwanted guests" have infected your computer:

Download the (free) HijackThis utility.

Once downloaded, follow these instructions to install and run the program:

Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...".
Save the log in the folder you created for HijackThis; the saved file will be named "hijackthis.log". Open the log file with Windows Notepad, and cut-n-paste the entire contents of the Notepad file here.

The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the log we can tell you what to do from there.

1. Download About:Buster

- unzip/extract the downloaded zip file into its own folder.
- Open AboutBuster.exe, click "Update" to download the latest updates, and then close the program. Do not actually run the program yet.

2. Download Sp.html-Se.dll Hijack Fix for Win 98.

- unzip/extract the downloaded zip file into its own folder.

3. Reboot into Safe Mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up).

- Run AboutBuster and click on "Begin Removal". Allow it to perform its scan/removal and then close the program.

- Run Sp.html-Se.dll Hijack Fix and click "Start Disinfection". Close the program when the scan has completed.

4. Reboot normally, run HijackThis again, and post the new log.

Your log shows no signs of infections, soooo...

1.

...and it will give an error message when I reboot the computer.

Please give us the full and exact error message if possible.

2. Use the Event Viewer utility in your Administrative Tools folder to view your System and Application log files. Look through the logs to see if there are any errors or warning messages which might relate to the program hangs. If you find such messages, double-click on them to display the message details and post those details here.

Hi minicoop,

Your current log definitely shows an About:Blank infection, but before we dig in to that:

You are using a much older version (1.97.7) of HijackThis. Please download the latest version (1.99.1), run it, and post the log that it generates. The latest version probes more areas of your system than earlier versions, meaning that it will also reveal more malicious components than earlier versions.

I don't see anything in your log which would account for any problems, sooo...

My friend told me he clicked a link in my AIM profile and it messed up his computer.

"Messed up his computer" in what way? Please be specific.

I checked my AIM profile and whatever file that is doing it is on my laptop and desktop.

What is the exact name of this file? How did you come to the conclusion that this file was causing the problem?

jimnbcc,

Please follow swatkat's advice:

Please start a new topic and post a new HijackThis log in that topic only. You can start a new topic in Viruses, Spyware and other net nasties section by clicking the "New Topic" button at the top-left corner of that page.

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please try to give us as much specific info as possible regarding the problem (exact error messages, system specs, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules

Thanks for understanding.

Hypothetically speaking of course...

Sorry man, but there's no hypothetical here as far as that one goes- we can't and don't support pirated or otherwise illegally-obtained software; it's our butts on the line if we do. :(

Did you find anything possibly useful in the Event Viewer logs?

That's a clean log, but it does indicate one thing: the following header information in your HJT log shows that your versions of Windows XP and Internet Explorer are very out of date:

Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Please use Windows' Automatic Update feature to bring your system up to date; many of the updates you're missing address/fix security loopholes and other bugs. I definitely wouldn't suggest going all the way to Service Pack 2 until we're sure that your system is stable, but you need to at least upgrade to Service Pack 1 with all of its most current critical updates.

Once you've done that, the upgrades/updates should be reflected in your HJT log's header info as follows:

Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Since malicious programs don't immediately appear to be the cause of the crashes, open the event viewer utility in your Administrative Tools folder and have a look through your System and Application logs for any error or warning entries. Double-clicking on any of the entries will open a window with more specific info on the fault; post the full and exact contents of any such messages which might appear to relate to the problems you're experiencing.

Please post the full and exact text of the error message you get; your log is clean.

Cheeee,

I guess I'll have to pore thru a few l2mfix logs at this site, until I make something out of it.

Yeah- that's pretty much the way to do it. You'll get the hang of it after a bit...

Your log indicates at least three malicious infections. The log also indicates that you are using filesharing/P2P software, which is a great way to invite infections on to your system. :(

Please do the following:

A. Open your Add/Remove Programs control panel and uninstall any of the following programs if listed there:

WeatherBug
SurfAccuracy
SideFind
HyperLinker/ Link Maker

B. You will need to close/quit all web browser programs and disconnect from the Internet for some of the following, so you should print out the following instructions or save them into a text file with Notepad.

1. Run at least two or three of the following online anti-virus/anti-spyware scans and let them fix what they can:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.pandasoftware.com/active...n_principal.htm
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php

2. Download, install, and run the following (free) detection and removal tools (use each program's online update function before running them to make sure you have the most current updates installed).

After each utility completes its fixes, reboot before continuing on to the next utility; have the utilities fix all of the problematic/malicious items they find:

ewido Security Suite - http://www.ewido.net/en/download/
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en
Ad Aware SE Personal - http://www.lavasoftusa.com/
SpyBot Search & Destroy - http://www.safer-networking.org/

3. Reboot into safe mode (you get to …

Your log looks clean- no spyware/viruses/etc. that I can see.

The problems you're experiencing could be due to a few things, from an outside intruder to a hardware fault (overheating can cause such "flaky" symptoms). To eliminate the possibility of interference from an outside intruder, physically disconnect the computer from the network and see if the problems persist; also see if you can determine if a particular program or proceedure is associated with the abnormal behaviour

Hi jack.mcintyre,

Sorry this post wasn't answered earlier; we're a bit shorthanded at the moment.

Your log indicates at least a few separate infections, and HijackThis alone won't be able to thoroughly remove them. Please follow the procedures below to get as many of the "unwanted guests" as possible removed; we'll clean up any leftovers with HJT after that.

You will need to close/quit all web browser programs and disconnect from the Internet for some of the following, so you should print out the following instructions or save them into a text file with Notepad.

1. Run at least two or three of the following online anti-virus/anti-spyware scans and let them fix what they can:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.pandasoftware.com/active...n_principal.htm
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php

2. Download, install, and run the following (free) detection and removal tools (use each program's online update function before running them to make sure you have the most current updates installed).

After each utility completes its fixes, reboot before continuing on to the next utility; have the utilities fix all of the problematic/malicious items they find:

ewido Security Suite - http://www.ewido.net/en/download/
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en
Ad Aware SE Personal - http://www.lavasoftusa.com/
SpyBot Search & Destroy - http://www.safer-networking.org/

3. Reboot into safe mode (you get to the safe mode boot option by …

I've never seen a guide/tutorial for l2mfix, and I think that developing such a beast would be rather difficult. I once asked our member crunchie about interpreting l2mfix logs, and his answer was basically along the lines of "you just know what's suspicious".

In other words, picking the "likely suspects" out of the log relies a lot on intuition and experience, familiarity with the attibutes of the malicious files (telltale names, sizes, creation dates, etc.), and familiarity with the mechanisms of the infection itself. The fact that the names of many of the malicious files identified by l2mfix are random (and can even "morph" at each reboot) means that there can't really be a definitive list of the "nasties" that the utility may find.

Your latest log shows no signs of malicious infections, including WinFixer.
Are you still experiencing problems? If so, give us the details on that.

OK- cool down people. You've both made valid points, but the facts are these:

1. No member's problem is more urgent than any other.

2. Posting additional "pleas for help" or "bumping" your thread might very well cause other members to ignore you. Such actions are often seen as selfish.

3. We do try to keep up on all of the posts to the best of our abilities. However:

a) We are more than a bit understaffed when it comes to helpers in the virus/spyware forum.

b) Most of us who do help in the virus/spyware forum have responsibilities in many of the other forums as well.

c) We helpers volunteer our sevices here on our own free time, of which we have very little.

Given the above, thread do "fall through the cracks", and threads are not always addressed in chronological order. We aren't perfect, but we all do try to do the best that we can.

You are using a very old version of HijackThis (v1.97.7), which does not probe nearly as thoroughly as the lastest version (1.99.1). Please download and run version 1.99.1 and post the log from that version.

Skip steps 2 and three; just do steps 4-6.

Can you just tell me the instructions to deleting this virus/trojan?

You have more than one infection, and they cannot be fully removed in just a few simple steps. If you had followed all of the instructions I gave in my last post, that should have taken care of most, if not all, of the problems.

Your latest log remains unchanged from the last log you posted, with the exception of the indication that you did visit the bitdefender site. If you had run MS Antispyware and SpyBot, your latest log would reflect that.

Please review my last post and follow all of the steps I gave fully and completely. Post a new HJT log after that.

You don't buy my explanation that 70,000 people registered, just to vote for Dave?

Hell- I don't even buy that one, Alex. :D

Is Dave the guy that likes the baby beaver things?

Beavers?! Beavers?!

My Wombats moons in your general direction...

[img]http://www.stevewolfonline.com/Downloads/DMR/Visuals/WombatMoon.gif[/img]

ace.dll is a filename associated with the Apropos/PeopleOnPage infection. Please do the following:

Download the (free) HijackThis utility:

http://www.stevewolfonline.com/Downloads/DMR/Spyware%20Tools/HJT/HijackThis.exe

Once downloaded, follow these instructions to install and run the program:

Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...".
Save the log in the folder you created for HijackThis; the saved file will be named "hijackthis.log". Open the log file with Windows Notepad, and cut-n-paste the entire contents of the Notepad file here.

The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the log we can tell you what to do from there.

The "Preview Adservice" and "System service76" entries in your latest log indicate a couple of new "unwanted guests". I'm logging off for the night now, but I'll post removal instructions when I log back in tomorrow.

Welcome, silverfocks! :)

i want to analyse how many posts people usually make on daniweb per day

6.63 post per day, according to my member profile. Of course, that's averaged over my entire time here, and I certainly don't post every day. I usually make somewhere between 8-15 posts or more on any given day of activity here.

Hey Dani,

I'm in if the exact date permits. :)

BTW- you might want to post a copy of this in the Geek's Lounge; it would get a heck of a lot more exposure there.

You're welcome, glad we could help. :)

This file is not on Hijack This...

Are you sure about that? The 023 entry does appear in both of the logs you've posted.

OK- post an update when you can; we'll be here...

Good work, your latest log is clean. :)

One thing, though:

There's no reason to be using MyWay as a search portal, given their *ahem* wonderful reputation as a company with a *cough* squeaky clean history of being spyware and adware free. Have HJT fix the following entry:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE

You're welcome, glad we could help (we like happy endings). :)

Now that your log is clean and your system appears to be functioning correctly, please read this thread for some very good suggestions on how to make your computer much less prone to future infections.

Please do the following:

1. Click on the "Run..." option under your Start menu, type the following in the resulting "Open:" box, and then hit Enter:

services.msc

In the resulting list of Windows Services, locate the following service and perform the procedure below on it:

msmbios (Microsoft System Management BIOS Driver)

- Double-click on the service.
- In the resulting window, click the Stop button if the service is reported to be currently running.
- Once the service is stopped, choose the "Disabled" option in the "Startup Type" drop-down menu, and then click OK.
- Close the Services window.

2. Run HijackThis again and have it fix:

O23 - Service: msmbios (Microsoft System Management BIOS Driver) - Unknown owner - C:\WINDOWS\mssmbios.exe

3. Once HJT finishes the fix, click on the "Config" button in the lower right corner of HijackThis' main window. In the next window, click on the "Misc Tools" button at the top then click the "Delete an NT service" button. Type the following in the box and click OK:

msmbios

4. Reboot into Safe Mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up).

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extentions for known file types".

…

kcto88,

Your HJT log indicates at least two or three separate infections, an "about:blank" variant definitely being one of those.

A. First of all, the header information in your HJT log shows that your versions of Windows XP and Internet Explorer are very out of date:

Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Please use Windows' Automatic Update feature to bring your system up to date; many of the updates you're missing address/fix security loopholes through which malware can infect your computer. I definitely wouldn't suggest going all the way to Service Pack 2 until we're sure that you're infection-free, but you need to at least upgrade to Service Pack 1 with all of its most current critical updates.

Once you've done that, the upgrades/updates should be reflected in your HJT log's header info as follows:

Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

B. Once you've done the above, let's do a full spyware/virus cleaning drill:

You will need to disconnect from the Internet for some of the following, so you'll need to print out the following instructions, or save them into a text file with Notepad.

1. Download and run these specific about:blank/Home Search/etc. removal tools (before scanning/fixing with about:buster and CWShredder, use their online update features to make sure you have the most current updates installed):

CWShredder - http://www.intermute.com/spysubtrac...r_download.html
…

I know exactly how the software operates, and I'll only agree that its bloated.

No offence meant, but the growing bloat is one of the main causes of problems/conflicts on users' system out there in the "real world". The definition of the term "Creeping Featurism" pretty much sums up the problem.

Stevie Wonder,

Try the suggestions dygital gave above. Also- can you please tell us which exact running processes listed in Task Manager are sucking up the majority of your CPU and Memory resources?

Your HijackThis log does indicate a couple of malicious "unwanted guests", so I'm moving this thread to our Viruses, Spyware, and other Nasties forum.

:sad: I obviously hang out in the wrong part of this forum. I've never heard of any of you!

lol.

Of course you've never heard of us- we are the dark silent shadows looming over your shoulder as you browse the forums very, very late at night... MUUUAHAHAHAHAHAHA!!!! [img]http://www.stevewolfonline.com/Downloads/DMR/Visuals/possessed.gif[/img]

:mrgreen: :mrgreen:

Good work- your log looks clean now. :)

Everything rebooted normally after following your instructions

Does that mean that all of your programs, shortcuts, etc. are working now? Please give us an update on that.

Good job, your latest log is clean. :)

There are preventative measures that you can take to "harden" your system against further infections, and this thread describes many of them. At the very least, I would suggest that you install the Microsoft Antispyware beta and SpywareBlaster programs, and tighten up some of IE's security-related settings as described in the above link. Better yet, use another browser such as Firefox for your normal Internet surfing (you will still need IE to use Microsoft's Windows Update feature).

well ofcourse i knew that AOL was an abbreveation of america online, honest... :o

lol :mrgreen:

then it tries to connect to the ip adress 205.188.146.146, which is one of the ip adresses that the SQL has tried to come from.

205.188.146.146, and the 205.188.146.145 address listed in your 017 HJT log entry, are the addresses of AOL proxy servers. Your AOL software uses those servers to access the Internet; this is normal.

A couple of things to try:

1. Disable BlackIce entirely before trying to troubleshoot anything else. Firewalls often get confused or corrupted, and block traffic that they should not.

2. If disabling the firewall has no effect, see what happens when you try to reach a site by its IP address instead of its URL. Using Google as an example, type the following into AOL's address bar and let us know the results:

http://66.102.7.147

3. I'm probably preaching to the choir here, but in all honesty I'd really suggest trying to wean your mother off of AOL. AOL has always caused its fair share of headaches, and each new version is more bloated than the last, adding more layers of crud and complexity to your system as a whole.

To eliminate the eAcceleration startup error, run HijackThis again and have it fix the following entry:

O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus

The eAcceleration software is not still on your computer, but a Registry entry which references the software is; fixing the above HJT entry will delete the "orphaned" Registry entry.

Also- please do not do a system restore or reinstall- neither is necessary at this point, and in doing either you might incur more problems than you already have.

That could be a symptom of a malicious infection; post a HijackThis log in our Viruses, Spyware, and other Nasties forum if you would like us to check that out.

Also- open the Event Viewer utility in your Administrative Tools control panel. Look through the System and Application logs to see if there are any error or warning messages which might shed more light on the cause.