818 Posted Topics
 | Re: ie hijack Sorry we missed you, but you slipped through us some how. You show signs of numerous infections, so this may take more than one step. Please run HJT again, and select [b]Do system scan only[/b]. Then check these items. [b] O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp100.tmp O4 - …  |
| | Re: spyware problems Download [url=http://downloads.malwareremoval.com/hijackthis.zip][b]HijackThis[/b][/url] ([color=red]current verison is v1.99.1[/color]) [url=http://downloads.malwareremoval.com/hijackthis_sfx.exe][i]or here (Alternate 1, a self-extracting zip file)[/i][/url] [url=http://downloads.malwareremoval.com/HijackThis.exe][i]or here (Alternate 2, an *.exe file)[/i][/url] [b][color=red]Make a new folder[/color][/b] to put your [b]HijackThis.exe[/b] into. (Anywhere on your hard drive is fine [b][i]other than your Desktop or the Temp folder[/i][/b]. Suitable examples are:[list][*]C:HijackThis[*]C:Programshijackthis[*]C:WindowsMy DocumentsHJT[/list]but feel … |
| | My eyes...They burn! Please lose the caps next time :) [quote] "I HAVE REPLACED FOUR HARD-DRIVES AND DITCHED A COMPLETE COMPUTER" [/quote] Hmm, is that right. Well the only place a virus can hide is in the harddrive. Also if you replaced the computer, the virus would have left. You … |
| | In the HJT logs i am not seeing the backslashes. It shows as this. [quote] C:WINDOWSsystem32svchost.exe [/quote] Where as it should be this [quote] C:\WINDOWS\system32\svchost.exe [/quote] I kinda miss my backslashes, it makes it harder to read ;).  |
| | Hey Chris! Welcome to DaniWeb :). Lets clean you up, please run HJT again, in [b]Normal Mode[/b], and select [b]Do system scan only[/b]. Then check (tick) these items. [b] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 … |
| | That is a sign of a virus, the .dll can be directly related to a virus. Let's start by getting a snapshot of the state of your system. Download the (free) [url=http://www.merijn.org/files/hijackthis.zip]HijackThis[/url] utility. Once downloaded, follow these instructions to install and run the program: Create a folder for HJT outside … |
| | Re: Read only files [url=http://www.merijn.org/files/hijackthis.zip]Download hijackThis[/url]. Extract it to its [color=red]own[/color] folder. Then run it and select. [b]Do system scan and save log[/b]. Post the contents of the log that pops up. Then we will remove the virus. As for read only. Right click it, select properties, select the general tab, uncheck read only. |
| | Not seeing it in your log, but if you think you have it. [url]http://www.bleepingcomputer.com/forums/topic43659.html[/url] |
| | You need to boot into the windows CD, but in order to do that you first need to configure you BIOS* to [URL=http://www.windowsnetworking.com/j_helmig/bootcd.htm]boot from a CD[/URL]. When thats done, just put your CD in the tray, and it should boot into it by itself (although sometimes it may say "Press …  |
 | Hi, you indeed have quite a few nasties! lets get you all clean. Your HJT program is a temp directory. Please move it to a directory of its own. Now run HJT again, and select [b]Do system scan only[/b], then check (tick) these items. [b] R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = … |
| | Hey Tom! Welcome to DaniWeb. Lets get you cleaned up. Please run HJT again, and click [b]Do system scan only[/b]. Then check these items. [b]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\SYSTEM\IETie.dll O4 - HKLM\..\Run: [winmain] winmain.exe O4 - HKLM\..\Run: [Ezthemes_WhenUSaveNow_Installer] C:\PROGRAM FILES\EZTHEMES_WHENUSAVENOW_INSTALLER\EZTHEMES_WHENUSAVENOW_INSTALLER.EXE … |
| | Re: Help is wanted We are all volunteers, we only have as much time as we dedicate to our efforts :). Please run HJT again, and place a check next to these items. [b] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://www.accoona.com/search_assist...&utm_campaign=[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://www.accoona.com[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = … |
| | Well, Could be a virus preventing the browsers/programs from communitcating with the internet? But it also could be a firewall, or somthing similar. Have you recently installed a firewall of any kind? If you want a virus check ( As malware can cause this problem often). Download [url=http://www.merijn.org/files/hijackthis.zip][COLOR="DeepSkyBlue"]HijackThis[/COLOR][/url] (current verison … |
| | Hi please run HJT again check these items. [b] O2 - BHO: (no name) - {00000000-0000-46FE-B963-27BDACE793E9} - C:\Program Files\xmm3u7ox\xmm3u7ox.dll O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file) O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file) O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file) O2 … |
| | Are you sure? If I remember correctly th FolderBrowserDialog, shows you all the folders. Even the system root. Or am I mistaken? |
| | Please run HJT again, select[b]Do system scan only[/b], and check these items. [b] R3 - URLSearchHook: (no name) - {C90A2368-CEAC-E55A-A38D-E53B83072394} - C:\WINDOWS\system32\jmgbgq.dll O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file) O2 - BHO: (no name) - {C90A2368-CEAC-E55A-A38D-E53B83072394} - C:\WINDOWS\system32\jmgbgq.dll O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe O3 … |
| | Hi, please run HJT again, select [b]Do system scan only[/b], and check these items. [b] R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {7ECC24F0-5232-D278-7EA5-F0878839A1BE} - (no file) O2 - BHO: (no name) - {8C553C96-7B39-31F0-4D87-88519024D246} - (no file) O2 - BHO: (no name) - {A1EED0F5-29A5-BDB4-7E78-ACC6D0395B3C} - (no … |
| | Hmm, I have never seen a blank host. [b] O1 - Hosts: comments (such as these) may be inserted on individual [/b] Might want to check that one to. [I]Moved to virus forum...[/I] |
| | Re: hello Heh, So now because of the triple post I know that Candy is in town. If there wasn't three posts I don't think I could have grasped that idea! :) ;) |
| | [quote] Can someone tell my how I can remove this virus once and for all? Thanks alot! [/quote] Sure :), but you have manny, many more than one. Brace yourself, this could take some time. Run HJT again, and select [b]Do system scan only[/b]. Then check these items. [b] O2 …  |
| | Hi, please run HJT again, and check off the following items [b] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://www.insightbb.com[/url] R3 - Default URLSearchHook is missing F2 - REG:system.ini: UserInit=C:\WINNT\SYSTEM32\Userinit.exe,winusmx.exe O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - O20 - Winlogon Notify: URL - C:\WINNT\system32\mdidlpm.dll (file missing) O23 - Service: Microsoft Windows Driver Service (Windows … |
| | Hi, please run HJT again, and select [b]Do system scan only[/b]. Then check these items. [b] R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - Startup: PowerReg Scheduler.exe [/b] Click … |
| | Re: spyfalcon...help Good job. Thats part of it. Now do this. You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site. Next, please reboot your computer in … |
| | Perhaps this will help? [url]http://www.devhood.com/tutorials/tutorial_details.aspx?tutorial_id=79[/url] I am sure, you could get what you need from that code, in order to throw together a little class to do what you want. |
| | Re: Please Help Me [url=http://www.merijn.org/files/hijackthis.zip]Download hijackThis[/url]. Extract it to its [color=red]own[/color] folder. Then run it and select. [b]Do system scan and save log[/b]. Post the contents of the log that pops up. [i]Please don't post the same thing in more than one forum, becasue this can be virus related, we will continue here.[/i] |
| | Could be a "nasty". Lets find out!. [url=http://www.merijn.org/files/hijackthis.zip]Download hijackThis[/url]. Extract it to its [color=red]own[/color] folder. Then run it and select. [b]Do system scan and save log[/b]. Post the contents of the log that pops up. We will work from there. |
| | Hi, if you can't paste the log right, just attach it. It is way to hard to read as is. |
| | Re: guard.tmp [url=http://www.merijn.org/files/hijackthis.zip]Download hijackThis[/url]. Extract it to its [color=red]own[/color] folder. Then run it and select. [b]Do system scan and save log[/b]. Post the contents of the log that pops up. We will ensure that all infections are gone... |
 | [url=http://www.merijn.org/files/hijackthis.zip]Download hijackThis[/url]. Extract it to its [color=red]own[/color] folder. Then run it and select. [b]Do system scan and save log[/b]. Post the contents of the log that pops up. |
| | Hi, and welcome to DaniWeb. That log looks short. If you ran it in safe mode, which, judging by how you said it hangs while going into safe mode I don't think you did, or if you have latley or in the pass disabled startup items, please re-enable them and … |
| | Hmm, you are no doubt infected. [url=http://www.merijn.org/files/hijackthis.zip]Download hijackThis[/url]. Extract it to its [color=red]own[/color] folder. Then run it and select. [b]Do system scan and save log[/b]. Post the contents of the log that pops up. |
| | Ineed you have a few, along with the above part of the fox, lets have [b]Ewido[/b], take out waht it can before we proceed manually. Please download [url=http://www.ewido.net/en/download/][b][color=red]ewido anti-malware[/color][/b][/url] it is a free version of the program.[list=1] [*]Install ewido anti-malware [*]When installing, under "Additional Options" [b]uncheck..[/b][list] [*][b]Install background guard[/b] [*][b]Install … |
| | Please post a HJT log. Do it same way you did it in your other thread :). |
| | Download [url=http://www.merijn.org/files/hijackthis.zip]HijackThis[/url] (current verison is v1.99.1) Make a new folder to put your HijackThis.exe into. (Anywhere on your hard drive is fine other than your Desktop or the Temp folder. Suitable examples are: [COLOR="Blue"]* C:\HijackThis\ * C:\Programs\hijackthis\ * C:\Windows\My Documents\HJT\[/COLOR] but feel free to use any name.) Extract and save …  |
| | This might help you get what you want. [url]http://www.codeguru.com/csharp/csharp/cs_graphics/sound/article.php/c10931/[/url] |
| | Log looks good. I see you have [b]Ewido[/b] installed. If you could please scan with that, and post a log it would be great :). |
| | Hi, and welcome to DaniWeb. Please run HJT again, select [b]Do system scan only[/b]. Then check these items. [b] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html R3 - Default URLSearchHook is missing F3 - REG:win.ini: run=C:\WINDOWS\inet20001\winlogon.exe F2 … |
| | Hi, and welcoem to Daniweb. Please check the following items in HJT. [b] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://www.dell4me.com/myway[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://bfc.myway.com/search/de_srchlft.html[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://www.dell4me.com/myway[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.dell4me.com/myway[/url] [/b] [COLOR="Red"]Click Fix Checked.[/COLOR] _______________________________________________________ Please download [url=http://www.ewido.net/en/download/][b][color=red]ewido anti-malware[/color][/b][/url] it is … |
 | Hi, please run HJT and check these items. [b] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.google.ie/[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.google.ie/[/url] O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINNT\system32\hpD72A.tmp O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} … |
| | Hi, Please run HJT again, and select [b]Do system scan only[/b]. Then place a check (tick) next to these items. [b]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = " " R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = O2 … |
| | Hi megaman99 First of all- welcome to DaniWeb :) We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, … |
| | Re: Adware!!!!! Hi, that log look pretty short. Are you sure you copied the whole thing? Also, be sure to run it in Normal mode. Please run HJT again, and check these items. [b]O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl O4 - Startup: wink.lnk = C:\Program Files\Wink\Wink.exe … |
| | Were you having any more problems? Or are you having any problems now? |
| | Hi, well sounds like a nasty lil guy ;). Give ewido a whirl ([url]www.ewido.net)[/url]. It is a pretty good scanner. Also Download [url=http://www.merijn.org/files/hijackthis.zip]HijackThis[/url] (current verison is v1.99.1) Make a new folder to put your HijackThis.exe into. (Anywhere on your hard drive is fine other than your Desktop or the Temp … |
| | Hi, and welcome to DaniWeb. Well, despite what McAffee says, lets still see if you are infected. To me it does sound like you have a nasty or two. Download [url=http://www.merijn.org/files/hijackthis.zip][COLOR="Red"]HijackThis[/COLOR][/url] (current verison is v1.99.1) Make a new folder to put your HijackThis.exe into. (Anywhere on your hard drive is … |
| | Re: ashlex Hello, and welcome to DaniWeb. Please run HJT and select [b]Do system scan only[/b]. Then check (tick) these items. [b] O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s O8 - Extra context menu item: Block frame with Ad Muncher - [url]http://www.admuncher.com/request_wil...=menu_ie_frame[/url] … |
| | Re: Hjt Log Hi, please begin by running HJT again, and selecting [b]Do system scan only[/b]. Then check these items. [b] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://red.clientapps.yahoo.com/cust...search/ie.html[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://red.clientapps.yahoo.com/cust.../www.yahoo.com[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://yahoo.sbc.com/dsl[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://yahoo.sbc.com/dsl[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = … |
| | Re: Anything It is not ok ;). Please run HJT again, select [b]Do system scan only[/b], and check these items. [b] O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto [/b] [COLOR="Red"]Click Fix Checked.[/COLOR] _____________________________________________ Please download [URL=http://www.hijackthisaid.org/tools/dls/click.php?id=3][b][color=red]Pocket Killbox by O^E[/color][/b][/URL].[LIST] [*]Save it to your desktop. [*] Please double-click [b]Killbox.exe[/b] to run it. [*] … |
| | Hi, you have numerous infections. Please run HJT again, select [b]Do system scan only[/b]. Then place a check next to these items. [b] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - … |
| | Have you tried un-installing, and then re-installing it? |
The End.