Iggystooge 0 Newbie Poster

Hi,
This is going to be the least important post you will read, but if anyone can help me, I will still appreciate it. Every fall I have a small weekly football contest with my friends for fun. I have an html file with 20 games on it, players choose one of two radio buttons on the website for their winner of that game until they have selected 20 games, then they include a tiebreaker (total points), then click submit to submit their picks.

When they submit their picks, a form2email.php script that I downloaded a couple of years ago does the rest, sends their picks to me via email. I then have to cut and paste their picks to put in a spreadsheet for everyone so they can see everyone's picks. I would rather it be a form2excel.php script, whereas their picks will directly populate an excel column. I know nothing about php, I just used the free form2email.php script I found online. Anyone have a form2excel.php script that works the same way, or is it not that easy?

Thanks! Iggy

Iggystooge 0 Newbie Poster

Hi gerbil,
I appreciate your prior help. I was really busy for a couple of weeks and had to let it go. I'm ready to tackle my problem again. Below is the TDSSKiller log. I tried running ASWMBR and GMER, but they both hung up and neither would complete. I'm still getting a lot of redirection. Typically, any link I click on goes to the site I clicked on, but also opens up another window with some unwanted website. Thanks again for your help.

2013/05/28 21:35:13.0132    TDSS rootkit removing tool 2.4.10.0 Nov 28 2010 18:35:56
2013/05/28 21:35:13.0132    ================================================================================
2013/05/28 21:35:13.0132    SystemInfo:
2013/05/28 21:35:13.0132    
2013/05/28 21:35:13.0132    OS Version: 5.1.2600 ServicePack: 3.0
2013/05/28 21:35:13.0132    Product type: Workstation
2013/05/28 21:35:13.0132    ComputerName: GNAT
2013/05/28 21:35:13.0132    UserName: Paul
2013/05/28 21:35:13.0132    Windows directory: C:\WINDOWS
2013/05/28 21:35:13.0132    System windows directory: C:\WINDOWS
2013/05/28 21:35:13.0132    Processor architecture: Intel x86
2013/05/28 21:35:13.0132    Number of processors: 2
2013/05/28 21:35:13.0132    Page size: 0x1000
2013/05/28 21:35:13.0132    Boot type: Normal boot
2013/05/28 21:35:13.0132    ================================================================================
2013/05/28 21:35:14.0242    Initialize success
2013/05/28 21:35:17.0414    ================================================================================
2013/05/28 21:35:17.0414    Scan started
2013/05/28 21:35:17.0414    Mode: Manual; 
2013/05/28 21:35:17.0414    ================================================================================
2013/05/28 …
Iggystooge 0 Newbie Poster

Thanks again for all of your time. Sorry if I screwed up the OTL before. I am still getting some hijackings. Here's the latest log.

========== REGISTRY ==========
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\XMLHTTP_UUID_Default not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\XMLHTTP_UUID_Default not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\XMLHTTP_UUID_Default not found.
Registry value HKEY_USERS\S-1-5-21-2621160978-2338274801-3040308891-1006\SOFTWARE\Microsoft\Internet Explorer\Main\XMLHTTP_UUID_Default not found.

OTL by OldTimer - Version 3.2.69.0 log created on 05122013_223018

Iggystooge 0 Newbie Poster

Thanks again for the help. Btw, I use the Remote Desktop Connection to connect to my computer at work, not sure if that helps. Here are the two logs below:

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 36398 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 916008 bytes

User: Owner

User: Paul
->Temp folder emptied: 21897711 bytes
->Temporary Internet Files folder emptied: 237863612 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 551132755 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 66544 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 109681 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33356 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 653019058 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 130715 bytes
RecycleBin emptied: 50176 bytes

Total Files Cleaned = 1,397.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 05122013_100818

Files\Folders moved on Reboot...
C:\Documents and Settings\Paul\Local Settings\Temp\JavaDeployReg.log moved successfully.
File\Folder C:\Documents and Settings\Paul\Local Settings\Temp\~DFD047.tmp not found!
File\Folder C:\Documents and Settings\Paul\Local Settings\Temp\~DFD10A.tmp not found!
File\Folder C:\Documents and Settings\Paul\Local Settings\Temp\~DFD1D7.tmp not found!
File\Folder C:\Documents and Settings\Paul\Local Settings\Temp\~DFD1E7.tmp not found!
File\Folder C:\Documents and Settings\Paul\Local Settings\Temp\~DFD2D0.tmp not found!
File\Folder C:\Documents and Settings\Paul\Local Settings\Temp\~DFD2DC.tmp not found!
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\UR0LJYN4\men-footwear-clogs,default,sc[1].html moved successfully.
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\3JNBYN4Y\GothaRouLig[1].eot moved successfully.
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\3JNBYN4Y\museosansrounded-300-webfont[1].eot moved successfully.
C:\Documents and Settings\Paul\Local …
Iggystooge 0 Newbie Poster

Thanks so much for the help, gerbil. The OTL log is below. I did as you posted above, although when I attempted to go to the noadfear page, I received this message and did not proceed:

Reported Attack Page!

      This web page at www.ifighi.net has been reported as an attack page and has been blocked based on your security preferences.

     Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system. Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.



All processes killed
========== OTL ==========
Service RPCQT stopped successfully!
Service RPCQT deleted successfully!
File  C:\WINDOWS\system32\Rpcqt.dll File not found not found.
Service RimUsb stopped successfully!
Service RimUsb deleted successfully!
File  System32\Drivers\RimUsb.sys File not found not found.
Service PID_PEPI stopped successfully!
Service PID_PEPI deleted successfully!
File  system32\DRIVERS\LV302V32.SYS File not found not found.
Service pepifilter stopped successfully!
Service pepifilter deleted successfully!
File  system32\DRIVERS\lv302af.sys File not found not found.
Service LVUSBSta stopped successfully!
Service LVUSBSta deleted successfully!
File  system32\drivers\LVUSBSta.sys File not found not found.
Service FilterService stopped successfully!
Service FilterService deleted successfully!
File  system32\DRIVERS\lvuvcflt.sys File not found not found.
Error: No service named Adfudilslu was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Adfudilslu deleted successfully.
File  File not found not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : …
Iggystooge 0 Newbie Poster

Hi guys,
Thanks for the help. I didn't think to try the virus removal from my antivirus. Duh.

I'm using Firefox. I know how to change the home page, and look at extensions. I will try Superantispyware again, although I've run it before.

Iggystooge 0 Newbie Poster

Thanks for the offer of help, gerbil. Here are the two notepads:

OTL Extras logfile created on: 5/9/2013 6:56:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Paul\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 54.13% Memory free
4.19 Gb Paging File | 2.93 Gb Available in Paging File | 69.92% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.87 Gb Total Space | 3.90 Gb Free Space | 2.69% Space Free | Partition Type: NTFS

Computer Name: GNAT | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = jsfile] -- C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile …
Iggystooge 0 Newbie Poster

Yes

Iggystooge 0 Newbie Poster

Thanks for the tips above. I did what was suggested, but I still have this thing. It likes to reroute to gaming sites, and today, some Chinese dating site. Here is my latest hijackthis, any further advice is much appreciated!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:36:24 PM, on 5/7/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\FastStone Image Viewer\FSViewer.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\crusty.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

Iggystooge 0 Newbie Poster

My apologies for putting this in the wrong forum.

Iggystooge 0 Newbie Poster

Hi,
I have some hijacking virus that I can't get rid of. I've tried Malwarebytes, tdsskiller, Skybot, AdAware and Superantispyware, cleaned some things, but it persists. Can anyone help? Below is the hijackthis log. Many thanks for any input.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:00:16 PM, on 4/29/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\iCamSource\iCamSource.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\mstsc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Paul\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=e777553c-7dd3-41e4-b64e-57ba2f7c0d42&searchtype=ds&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=e777553c-7dd3-41e4-b64e-57ba2f7c0d42&searchtype=ds&q={searchTerms}
R0 - …
Iggystooge 0 Newbie Poster

Thank you so much Jorge, for your advice and not commenting on my ignorance. Much appreciated!

Iggystooge 0 Newbie Poster
Sorry to bother this forum, but I don't know who else to ask. Please redirect me to a more appropriate forum if needed.

I've had a website for my wife for the last 12 years. She is an artist. I registered her domain name through Network Solutions. Her site has been hosted all this time by a company called Terrasite. Last week, we could no longer sign onto her email. Website still works. We have tried repeatedly to get someone to contact us, no one will. I fear the company is going under. She has lots of customer contacts and emails in her old email. I know I will have to bite the bullet and get someone else to host it. My questions are:

First, and most importantly, will she be able to use her old domain name, and email address, or is this something that would have to be released by Terrasite? She has given out thousands of business cards with her email address on it the last few years, it would suck to lose that email.

Would the company where we registered the domain (Network Solutions) be able to do anything, or is it all tied to Terrasite? Any way to extract email from a nonresponsive server?

Anyone have any ideas on anything I can do, outside of driving to Rochester, NY and banging on the door?

If I have to go with a new company, do any of you have suggestions? Something reliable is obviously key, with a …
Iggystooge 0 Newbie Poster

Hi guys,

I can't get my HP laptop (running Windows 7) to connect at home through my router. It will connect through my neighbor's unsecured network, and my Roku accesses my wireless network, but I can't get the PC to work, although it works fine at other locations. I have a Linksys WRT300N router, and a Linksys Rangefire Wireless Network USB Adapter, model #WUSB 100, ver. 2. The wireless network shows up strong, all five bars, when I try to "Connect to a Network". However, it doesn't connect, even though it says it's connected in the "Currently connect to:" box. I have unplugged the router several times, but that has had no effect.

It may be because I changed settings when I got my Roku. Currently, my network mode is BG-Mixed, Standard Channel 11. The security mode is WPA2 Personal, Encryption AES. Any ideas? Am I in the correct forum for this question?

Thanks for any help!

Iggy

Iggystooge 0 Newbie Poster

There's still nothing bad showing itself. What symptoms are you getting?

It's hard to explain, I've never had anything like this. For example, I was in explorer trying to move some music files to another file, I would click on them to select, and they would react as if I double clicked them and start playing. As mentioned previously, when clicking in radio buttons, like in an email program, I have to click 5 or 6 times for the box to be checked. When using the menu bar at the top of Mozilla, I usually have to click and drag to my bookmark instead of just clicking then navigating down. Just now, when I was trying to put my cursor to start this sentence, it wouldn't let me put it where I wanted to, I had to click five times to get it where I wanted. Could it be a malfunctioning mouse, I just thought of that. Thanks again for the help.

Iggystooge 0 Newbie Poster

There is nothing jumping out in your HJT log. I need to see your MBAM log from normal mode. Could you also rename hijackthis.exe to crusty.exe and post a fresh HJT log too.

Rik, I really appreciate your efforts for me. I pay to be on here monthly, but try not to bug anyone until I have a problem that I can't figure out.

Below is the MBAM log, followed by the new HJT log.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5725

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

2/11/2011 4:08:51 PM
mbam-log-2011-02-11 (16-08-51).txt

Scan type: Full scan (C:\|)
Objects scanned: 398169
Time elapsed: 1 hour(s), 35 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:18 PM, on 2/11/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17095)

Iggystooge 0 Newbie Poster

How come you ran Mbam in safe mode? Try updating it and doing a FULL scan in normal mode. Please post its resulting log.

Thanks Rik, thought I was supposed to run Mbam in normal. Here is the hijack after running it in normal.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:21:08 PM, on 2/11/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17095)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program …

Iggystooge 0 Newbie Poster

Hi, I run a Lenovo PC with Windows XP. Lately, it's been doing some funky things. It's hard to define, so I will give a couple of examples. When clicking on bookmarks, I usually have to click and hold the mouse to get it to get to the bookmark. Or if I am clicking in a radio field, for example deleting Yahoo email, I have to click several times in the box for it to take. I've run Malwarebytes in safe mode, and it found some Joker files, which I deleted, but this did not solve it. I've also done a system restore, cleaned up things with CCleaner, and ran tdsskiller. I've included a hijack log if someone is nice enough to look at it. Thanks! Iggy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:04 PM, on 2/10/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17095)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Java\Java …

Iggystooge 0 Newbie Poster

I have computer issues and I can't seem to resolve them. First, a couple of times throughout the day I get the dreaded "Generic Host Processes for Win 32" error message. I have tried a couple of things I found online, but they haven't worked. Secondly, maybe related, I don't know, my browser (Firefox 3.5.13) gets hijacked when I access the web. I work through it, but eventually the "Generic Host Processes for Win 32" message pops up and I have to reboot. I'm running Windows XP Professional. I have run Malwarebytes and Adaware in safe mode. Adaware found some Trojans and deleted them, but nothing changed. I ran a hijack log below, if anyone has time to look through it. Thanks for any help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:54 AM, on 10/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://reports.gatech.edu/InfoViewApp/listing/main.do?appKind=InfoView&service=%2FInfoViewApp%2Fcommon%2FappService.do&loc=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070209
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! …

Iggystooge 0 Newbie Poster

Hi, I have a hijack situation. When I click on some links, the website is hijacked to another site. I have run AdAware and Malwarebytes but nothing works. Any help is appreciated. Here is my hijack log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:09:32 PM, on 9/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\timbuktu pro\tb2launch.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\Pmxmiced.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\program files\timbuktu pro\tb2logon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
c:\program files\timbuktu pro\tb2pro.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\timbuktu pro\TNOTIFY.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
C:\Program Files\Java\jre6\bin\java.exe
C:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://reports.gatech.edu/InfoViewApp/listing/main.do?appKind=InfoView&service=%2FInfoViewApp%2Fcommon%2FappService.do&loc=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

Iggystooge 0 Newbie Poster

Hey thanks, gerbil. It wouldn't allow me to delete the files in Windows, so I just renamed them and it works. Will that be sufficient? Thanks tons for taking the time to help.

Iggystooge 0 Newbie Poster

Hi,

My VirusScan pops up with an alert anytime I try to start a Microsoft Office 2007 program, such as Word, Excel or PowerPoint. (For example, the pathname shown by the VirusScan Alert is C:\Program Files\Microsoft Office\Office12\EXCEL.EXE::GetProcAddress). It doesn't do this with anything else, web access etc. are fine. It is detected as bo:heap. I have run Malwarebytes, the first time I found two trojan viruses, but nothing since. I have also run Spybot. I updated both before running. I ran CCleaner as well. I did a System Restore from a few days prior. I installed Audacity yesterday, that's the only thing I remember installing. I have included the hijack file below.

I run Windows XP, and use Firefox, I recently changed to version 3.5.10. I'm grateful for any advice!

Iggy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:53:27 PM, on 6/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\timbuktu pro\tb2launch.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ICO.EXE

Iggystooge 0 Newbie Poster

Everything seems to be working normally. I can't thank you enough for the time you've taken to help me. It's amazing to me that there are folks like you on the web to help schlubs like myself. How can I repay you? Contribute to the site? Buy you a meal? End all war? Please let me know! Thanks again!

Iggystooge 0 Newbie Poster

The computer looks fine. No wild activity, it just, on surface, looks normal. However, it will not access anything online, browsers just look blank, email software won't get mail.

Iggystooge 0 Newbie Poster

Ok, forget my previous post. I ran Malware again in safe mode, came up with four instances. Then I ran HijackThis in normal mode, like you told me to do last time. Desktop still shows Active Desktop Recovery screen. Below are the malware and hijackthis logs:

Here is the Malware log:

Malwarebytes' Anti-Malware 1.32
Database version: 1616
Windows 5.1.2600 Service Pack 3

1/8/2009 8:48:30 PM
mbam-log-2009-01-08 (20-48-30).txt

Scan type: Full Scan (C:\|)
Objects scanned: 191020
Time elapsed: 2 hour(s), 33 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Paul\Local Settings\Temp\seneka2605.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3BEEC17C-D923-47C4-8980-270374C47ECD}\RP345\A0046896.dll (Trojan.Seneka) -> Quarantined and deleted successfully.


Here is the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:53:05 PM, on 1/8/2009
Platform: Windows XP …

Iggystooge 0 Newbie Poster

Ok, rebooted to normal, it comes up with the Active Desktop Recovery on the screen. Here is the HijackThis log from the normal boot. Thanks again!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:52 PM, on 1/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - …

Iggystooge 0 Newbie Poster

Thanks for the response. It was going really slow after the first hour, it must have kicked in after I went to bed. I did delete the affected files, but copied the log file after it came up, not sure why it showed nothing deleted. I will reboot in normal in a couple of hours and send the hijackthis log. Extreme thanks for your time and interest.

Iggystooge 0 Newbie Poster

Thanks much for the help. Took all night, but the malware finally finished. Found 19 objects, I removed them and rebooted to safe mode. Here is the log file:

Malwarebytes' Anti-Malware 1.32
Database version: 1616
Windows 5.1.2600 Service Pack 3

1/8/2009 7:15:13 AM
mbam-log-2009-01-08 (07-14-56).txt

Scan type: Full Scan (C:\|)
Objects scanned: 190918
Time elapsed: 2 hour(s), 31 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ojopuluke (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\axenitoba.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\senekalvfhosty.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\senekampmysllt.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\senekasudioird.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\senekadf.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\seneka.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\senekavyyoegqw.sys (Trojan.Agent) -> No action …

Iggystooge 0 Newbie Poster

Thanks much for the reply. I have the Hijack thread below. Since the last time I wrote, I tried running SDFix in safe mode. It runs through the first section, then reboots, starts running through the second section but takes about 30 minutes, then an error message comes on saying that the system must shut down due to the NT authority system, that the DCOM server process has terminated, so the second part of SDFix never finishes.

Anyway, here is the Hijack part, thanks so much to anyone for the help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:46 PM, on 1/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

Iggystooge 0 Newbie Poster

Hi,

I came home yesterday to my computer doing weird things, including opening up Windows Explorer and lots of tabs on Mozilla. I realized it was a virus and did a virus check. I run Windows XP SP2. I went to safe mode. I use AVG for anti-virus, it found about seven viruses, led by Trojan SHeur2.JDY. Some of the files it cleaned were frmwrk32.exe, mousehook.dll, ntdll64.dll. I ran Spybot and cleaned a couple more. I ran CCleaner. I looked for some files that I found online to look for like Viewpoint files, gehumuro.dll, but did not find them. I ran HijackThis but did not come up with any checked instances, so I just closed it.

I thought things were clean, but now my computer will not do anything properly. Often it stalls on the Windows welcome screen after rebooting. If it does load Windows, my wallpaper does not show. If I try to access the web, nothing appears in my browser. I checked my DNS settings and they appear to be the same IP addresses as my other networked computer. I ran the anti-virus again and came up with nothing. I can run some programs (no online access though), but then all of a sudden the computer reboots.

I am not an expert by any means, but I have tried some things that I have read to do, including the tacked threads here, and I am completely perplexed. I'm prepared to reformat, but I thought I …

Iggystooge 0 Newbie Poster

Hey Caperjack,

Thanks so much for helping me, I created the recovery disks as you pointed me to and everything works great now. I would not have known to do this without you, since I did not get a disk with this system or a manual. I just finished getting the system to work, and wanted to email you first thing. Please email me at paulfincannon@yahoo.com so I can get your address, I would like to send you that $20! Don't say no. Thanks again!

Paul

Iggystooge 0 Newbie Poster

Thanks to all of you for offering to help. I will be happy to send $20 to anyone who can help me with the problem, I'm just very annoyed with myself. I can't restore the system, it won't allow me to do so. It goes through the process and then after it reboots, it just says "Your computer cannot be restored", which I assume is because I have only had the computer for two days. I got into the BIOS, but can't find any kind of BIOS default reset option. I am working with a desktop wired system, not a wireless. Thanks again for your interest in my problem!

iggy

Iggystooge 0 Newbie Poster

Thanks for trying to help me out. I did try a system restore, but it would not allow it. Perhaps because I only have had the computer one day. I used CCleaner to disable the startup item. I was planning on disabling the antivirus that came with it to use a different program, that's how I probably did it. As I mentioned, I wanted to reset the BIOS, but that doesn't seem to be an option with this kind of computer. Any other ideas, or should I just contact Lenovo? Thanks again for taking the time to answer.

Iggystooge 0 Newbie Poster

Obviously you wouldn't know. I don't remember myself. I already said it was stupid, I know that. My question is mainly is there a way to reset the new computer to its original settings? I don't remember removing anything that I thought was system related, but I'm assuming that I did since it does not connect. I can't go back in time and say what I did, but if you have any advice on how to reset it to factory specs, I would appreciate it.

Iggystooge 0 Newbie Poster

Hi,

I have a new Lenovo A60, 9631 (well not new, but it came out of the box) that is running XP. I started it up and everything worked fine. Then I stupidly monkeyed about with the startup, and now everything works fine, but I can't access the internet. I tried a system restore, but that didn't work, I would have reset the BIOS to default, but couldn't figure out how to do that either. Anyone know what I might have deleted from start up that would prohibit me from accessing the web? The control panel shows the local area connection is fine. Thanks for any help!

Iggystooge 0 Newbie Poster

Hi,

First, I apologize if I am in the wrong site, I am not an IT professional, just a schlub trying to get something fixed. If I should go to a different site, I will be happy to go there if someone knows where to send me.

My problem. I have an HP Pavilion, which was running XP. I decided to put a new HD in it and bought a 160GB AIDE Maxtor drive. I installed it, changed the cable and tried to set it up as the master as the previous drive had been. I changed the jumper to master as shown in the instructions. I changed the BIOS to have the computer boot from CD-ROM, put in my Windows XP disc and started it up. The BIOS shows that the hard disk is there as the master. But soon after it starts installing, the CD-ROM stops whirring and the install stalls, usually before I get to the "Starting Window" message. I just used the disc to install XP in another desktop, so it should be fine. I tried changing the jumper around as well, but it still stalled. Any ideas on why it is doing this, or anything I should change?

Iggy