'Stein 150 Lapsed Skeptic Team Colleague

Akeelz, probably the best place to look is the current thread we have going on this topic:

Here: http://www.daniweb.com/techtalkforums/thread43937.html

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Wohoo, a fellow Tennessean

Welcome to Daniweb :)

'Stein 150 Lapsed Skeptic Team Colleague

Hmm no, no problem where I'm at....if anything a tad faster (thanks Dani :cheesy: )

'Stein 150 Lapsed Skeptic Team Colleague

I don't currently receive it, but I've liked that current blogger a ton (I can't think of his name off the top of my head).

His articles are pretty good, and maybe newsletter worthy.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

I hate to bring the obvious, but is it possible that

1) Ya talk back and forth on the thread, and then open the email to find a whole bunch

2) Ya have it set on, like, daily updates?


Just throwin out some possibilities..

I'm not having problems by the way.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Spyware. Moving your thread. Someone there'll assist ya further.

'Stein 150 Lapsed Skeptic Team Colleague

Yes, true.

Roger that nizzy.

'Stein 150 Lapsed Skeptic Team Colleague

I second that.

Moving the thread...

'Stein 150 Lapsed Skeptic Team Colleague

Let's check for spyware. I'll move ya to the Spyware forum. Someone'll help ya there.

'Stein 150 Lapsed Skeptic Team Colleague

Hah good luck and welcome to Daniweb.

For help, look in the 'Dead Machines' forum here.

'Stein 150 Lapsed Skeptic Team Colleague

Ahh, makes sense to me.

Thanks guys :)

'Stein 150 Lapsed Skeptic Team Colleague

Out of curiosity, why would anybody have that on (DisableSR) in the first place?

I mean, why wouldn't ya want SysRestore...?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, I could SWEAR there's an option for turning them off somewhere around here...is it in the Control Panel maybe?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Heh nightwishmaster, couple things I would recommend to ya.

1) Do something with the posts. After looking, it appears that 90% or so are for the 'Vending Machine game' :)

2) Watch for what ya recommend. Earlier tnite, I had to delete a post by urs because it recommended using an illegal program activation code..;)

Heh

Lastly, you're a DeviantArt mod? Not bad....I got alotta friends that have accounts there....and it's some really good work.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Well I'm sure ya all kno how to bypass the Google Images filter and such without using a proxy.

1) Google.de

2) Now, go to advanced settings, and set the main language back to English

3) search pictures away :)

Then again, our WebSense filter's pretty lax anyways...

'Stein 150 Lapsed Skeptic Team Colleague

Heh alrite, just wanted to inform ya guys that I've been having some small problems in my life, and because of that, I'll be, temporarily, not posting here.

THEREFORE, what I'm tryin to say is that

1) Victims - It might take a slight bit longer ('cause there's 1 less worker) to have your threads answered. Just be patient :)

2) Helpers - I'd love ya guys if ya would cover for me a tad :)

With luck, I'll be back in 1-2 months.

Thanks again, and I hope all's still well until I get back.

Thanks again for everything :)

'Stein 150 Lapsed Skeptic Team Colleague

Awesome. Well I hope we can cure ya :)

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://forums.subratam.org/index.php?act=Attach&type=post&id=43811
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/clientapps/Au...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/clientapps/Au...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/clientapps/Au.../www.yahoo.com
O4 - HKLM\..\Run: [killall] 10010.exe
O4 - HKLM\..\Run: [XTermInit] bhoserv.exe
O4 - HKLM\..\Run: [dmpoo.exe] C:\WINDOWS\system32\dmpoo.exe
O4 - HKCU\..\Run: [AliceSD] srbho.exe
O4 - HKCU\..\Run: [borlandg] init32.exe
O4 - HKCU\..\Run: [sbin] MONITER.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{49E541F6-D8D4-43B7-8808-DCFDBE3F7A2A}: NameServer = 85.255.116.102,85.255.112.230
O17 - HKLM\System\CCS\Services\Tcpip\..\{95EE744F-66D6-4268-B749-C1FEBEAB3F10}: NameServer = 85.255.116.102,85.255.112.230
O17 - HKLM\System\CCS\Services\Tcpip\..\{F65C358F-E0EE-4654-8706-4951762A3AEA}: NameServer = 85.255.116.102,85.255.112.230


Click Fix Checked. Close HijackThis, and click OK to proceed.

At the end of the fix, you may need to restart your computer again.

Finally, please post …
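As an added illustration, not code from the original post or from the HijackThis project, here is a small Python triage script that does, for a log pasted into a thread, what the helper above did by eye: it parses HijackThis-style lines and flags the patterns the post tells the user to fix (R1 search-setting overrides, O4 autoruns that are unrecognised or launched by a bare file name, and O17 NameServer entries outside the expected set). The allowlists `EXPECTED_NAMESERVERS` and `KNOWN_RUN_ENTRIES` are assumptions a responder would fill in for the machine at hand; the sample log is constructed from the lines quoted above plus two benign entries so both branches run. It also tolerates the dropped "O" seen in one quoted O17 line.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# Constructed sample: the HijackThis lines quoted in the post above, plus two
# benign lines (ctfmon autorun, local-router DNS) constructed here for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/clientapps/Au...ch/search.html
O4 - HKLM\..\Run: [killall] 10010.exe
O4 - HKLM\..\Run: [XTermInit] bhoserv.exe
O4 - HKLM\..\Run: [dmpoo.exe] C:\WINDOWS\system32\dmpoo.exe
O4 - HKCU\..\Run: [sbin] MONITER.exe
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{49E541F6-D8D4-43B7-8808-DCFDBE3F7A2A}: NameServer = 85.255.116.102,85.255.112.230
O17 - HKLM\System\CCS\Services\Tcpip\..\{F65C358F-E0EE-4654-8706-4951762A3AEA}: NameServer = 192.168.1.1
"""

# Assumptions: the resolver this network is expected to use, and autorun
# executables the responder has already verified as legitimate.
EXPECTED_NAMESERVERS = {"192.168.1.1"}
KNOWN_RUN_ENTRIES = {"ctfmon.exe"}

# "O4 - ..." normally; a leading letter may be missing in a badly pasted log.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]?\d{1,2})\s*-\s*(?P<body>.+)$")
RUN_RE = re.compile(r"Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
NS_RE = re.compile(r"NameServer\s*=\s*(?P<servers>[\d.,\s]+)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # HijackThis entry type, e.g. "O17"
    detail: str  # the value that was flagged
    reason: str  # why it was flagged


def _executable(cmd: str):
    """Return (basename in lower case, whether a directory path was given)."""
    cmd = cmd.strip().strip('"')
    if not cmd:
        return "", False
    exe = cmd.split()[0]
    return exe.rsplit("\\", 1)[-1].lower(), "\\" in exe


def analyse(lines: Iterable[str]) -> List[Finding]:
    findings: List[Finding] = []
    for raw in lines:
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind.isdigit():          # "17 - ..." pasted without its leading O
            kind = "O" + kind
        if kind == "R1" and ("Search Bar" in body or "SearchURL" in body):
            value = body.split("=", 1)[-1].strip()
            findings.append(Finding(kind, value, "browser search setting overridden; confirm the user chose it"))
        elif kind == "O4":
            rm = RUN_RE.search(body)
            if not rm:
                continue
            exe, has_path = _executable(rm.group("cmd"))
            if not exe or exe in KNOWN_RUN_ENTRIES:
                continue
            reason = ("autorun by bare file name, location unknown" if not has_path
                      else "unrecognised autorun")
            findings.append(Finding(kind, rm.group("cmd").strip(), reason))
        elif kind == "O17":
            nm = NS_RE.search(body)
            if not nm:
                continue
            for server in (s.strip() for s in nm.group("servers").split(",")):
                if server and server not in EXPECTED_NAMESERVERS:
                    findings.append(Finding(kind, server, "DNS server not in the expected set"))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG.splitlines()):
        print(f"{f.kind:4} {f.detail:60} {f.reason}")
```

Run against the sample, every quoted hijack line is reported while the two benign entries are silent; the O17 rule is the one worth keeping around, since a changed NameServer survives a browser reset and is easy to miss in a long log.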

'Stein 150 Lapsed Skeptic Team Colleague

Roger that, SpyAxe Infection:

Let's begin by downloading SmitfraudFix. Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
______________________________

Next, download the trial version of Ewido.

  • Install Ewido.
  • When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
  • When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
  • The program will prompt you to update. Click the Ok button.
  • The program will now go to the main screen.

You will need to update Ewido to the latest definition files.

  • On the left-hand side of the main screen click the Update Button.
  • Click on Start.

The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido.

If you are having problems with the updater, you can use this link to manually update Ewido. Make sure to close Ewido before installing the update.

Next, download CCleaner, specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system …

'Stein 150 Lapsed Skeptic Team Colleague

Looks good to me.

Ya still having problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Ja, they should.

Let's try this again.
____________

Begin by opening the Add/Remove Programs list and uninstall the following programs:

PartyPoker
PartyGaming

Now, open HJT and place checks next to the following:

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

Now, restart into Safe Mode and delete the following folder:

C:\Program Files\PartyGaming

Ok, now reboot back into normal mode.


Lastly, your Java is out of date. This is sort of important to fix.

Update the latest version from here.

Post back here with a new log.

Lastly, are ya having any more problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Welcome to Daniweb :)

Well, first off, I see this:

C:\DOCUME~1\Jennifer\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

In other words, you're running HJT from a *.tmp folder. You need to move this:

Begin by creating a new folder inside Program Files, naming it 'HJT'. Now, drag the HJT icon into this newly-created folder, and run it from here.

_______________

To begin, we're going to uninstall some programs. Uninstall the following programs via the Add/Remove Programs list:

MyWebSearch
PartyPoker
PartyGaming
RxToolbar

Next, we're going to fix the SmitFraud infection:

Let's begin by downloading SmitfraudFix. Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
______________________________

Next, download the trial version of Ewido.

  • Install Ewido.
  • When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
  • When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
  • The program will prompt you to update. Click the Ok button.
  • The program will now go to the main screen.

You will need to update Ewido to the latest definition files.

  • On the left-hand side of the main screen click the Update Button.
  • Click on Start.

The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido.

If you are having problems with …

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, the HJT log itself is clean, but I'm not liking this Ewido entry At All:

C:\WINDOWS\system32\wnlogow.sys -> Backdoor.Haxdoor.ha : Cleaned with backup

Although it was cleaned with backup, I wanna be sure it's still not hidden somewhere else on there.

SO, we're gonna do this:

Step 1.
==========

-Download HaxFix.
-Save it to your desktop.
-Double click on haxfix.exe to install HaxFix. (standard installation path is c:\program Files)
When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed.

Step 2.
==========

Once running, a red DOS window will open.

It will say:

Insert the haxdoor notify subkey without the numbers,
and then press enter:

At this point, please type the following:

winm

and press ENTER

Step 3.
==========

If an infection is found, you'll get a message to close all other open windows.
Close them, except the red dos window from haxfix and press Enter.
The computer will reboot.

After reboot, a new red DOS window will open (HaxFix - cleaningbat).
This message will appear:

Insert the haxdoor notify subkey without the numbers again,
and then press enter:

In response to this, type the following:

winm

and press ENTER

Step 4.
==========

When the red dos window closes, the fix is ready.
Post the contents of C:\haxfix.txt along with a new …

'Stein 150 Lapsed Skeptic Team Colleague

Hmm alrite, another clean log.

We're gonna try 2 things:

1) Running Ccleaner:

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\Local Settings\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

After doing this, move back …

'Stein 150 Lapsed Skeptic Team Colleague

Heh it's alrite, no worries :)

Just be sure to post back (after you're back into it) with the HJT log and the Ewido scan log.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Be sure to post back with a new log tho, along with the Ewido scan log.

It looks like this will take more than 1 post.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

The log looks good to me :)

And yes, be sure to run what T prescribed above.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Ya, what he said :)

And ya, after doing that, a new HJT would be incredible.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

P.S. I'll do the hijack thing later. I'm kind of in the middle of something right now.

Good, that's what I was about to ask for :)

But ya, if it's in the System Volume Information (a.k.a. System Restore)...the easiest way to clean it is to flush out the System Restore points.

For directions with this, simply post back.

Thanks.

Chaky commented: I salute you. +1
'Stein 150 Lapsed Skeptic Team Colleague

Alrite, couple more entries to fix:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
O4 - HKLM\..\Run: [TrustInstaller] "D:\Setup.exe"
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab

Awesome, now we're gonna run CCleaner to clean some more:

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user …

'Stein 150 Lapsed Skeptic Team Colleague

Arg, I see a Haxdoor infection...not the best of ones to have.

Step 1.
==========

-Download HaxFix.
-Save it to your desktop.
-Double click on haxfix.exe to install HaxFix. (standard installation path is c:\program Files)
When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed.

Step 2.
==========

Once running, a red DOS window will open.

It will say:

Insert the haxdoor notify subkey without the numbers,
and then press enter:

At this point, please type the following:

winm

and press ENTER

Step 3.
==========

If an infection is found, you'll get a message to close all other open windows.
Close them, except the red dos window from haxfix and press Enter.
The computer will reboot.

After reboot, a new red DOS window will open (HaxFix - cleaningbat).
This message will appear:

Insert the haxdoor notify subkey without the numbers again,
and then press enter:

In response to this, type the following:

winm

and press ENTER

Step 4.
==========

When the red dos window closes, the fix is ready.


______________

Now, time to fix the LSP Stack:


Download and run it, correcting everything it tells ya to.


Post the contents of C:\haxfix.txt along with a new HijackThis log.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Roger that :)

'Stein 150 Lapsed Skeptic Team Colleague

did a bit of research

Look! Somebody bright enough to do research themselves!

Heh good job :) And awesome job researching.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Sorry its running in Normal Mode

No, I'm happy it is :)

Thanks again.

'Stein 150 Lapsed Skeptic Team Colleague

Roger that, it's a clean log.


However, I just want to be sure of 1 thing--this was run in Normal Mode (not Safe mode), right?


Lastly, are ya having any problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, lemme look into that, and I'll check back with ya.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Awesome.

Thanks again :)

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, looks clean to me :)

Are ya having any more problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

It might be best to maybe have your thread moved to the Internet Browsers forum.

Tell me and I'll move the thread if ya want.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Heh wha?

The links ya gave were for the icons ya put.

And the HJT log is OK to the furthest of my knowledge...

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Yes, you seem very right in what you do, especially looking at your signature:

your FRIENDLY Neighborhood baby eater.

You can't spell SLAUGHTER with out LAUGHTER

Death Cult Armageddon

Sure thing...


Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, this is good to hear :)

Glad we could help.

About it not updating--the only thing I can see is that your computer's having a conflict with another program...and this is the only thing I can think of.


Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Roger that.

And I apologize if this seems nosy, but at what other forums do ya work? :)

And ya, I'm sorry again for detracting from the thread.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Another possibility is spyware.

If ya want, post another thread in the Spyware forum and I'll take a look at it later tnite.

O ya, be sure to post a HJT log too if ya post in the Spyware forum:

Download HijackThis (current version is v1.99.1)

or here (Alternate 1, a self-extracting zip file)
or here (Alternate 2, an *.exe file)

Make a new folder to put your HijackThis.exe into.

(Anywhere on your hard drive is fine other than your Desktop or the Temp folder. Suitable examples are:

  • C:\HijackThis\
  • C:\Programs\hijackthis\
  • C:\Windows\My Documents\HJT\

but feel free to use any name.)

Extract and save the HijackThis download to the new folder you made. Then navigate to it and run HijackThis from there. (This is to ensure it makes the necessary backups for recovery if fixes are made) Then, doubleclick HijackThis.exe, and click Scan.

When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that and copy & paste its contents in your reply. Most of what it lists will be harmless or even essential, don't try to fix anything yourself.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Heh it's cool.

Try disabling Panda Antivirus before downloading again.

O ya, and by the way, this isn't abnormal--oftentimes AVs accuse other AVs of being spyware and such.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Er...those entries really are legit.

There's only 1 entry that needs fixing (unless ya recognize the IP):

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

After this, let's run Ewido:

Continue by downloading Ewido Security Suite.

  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click Update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display "Update successful"
  • Click on Scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.

Post back with a new HJT log, and the Ewido scan log.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

but i don't think everything is booting up therefore you might not be able to see all.

Thanks, didn't catch that :)

Welcome to Daniweb by the way. O ya, and feel free to step into threads and such, it's the common practice here :cheesy: (and by that, I mean it in a good way heh)

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

or maybe they meant it for the windows xp section?

Roger that.

Ya, it's a dead issue, but let's put it in the correct forum.

Moved :)

'Stein 150 Lapsed Skeptic Team Colleague

Ahh, got it.

Thanks :)

'Stein 150 Lapsed Skeptic Team Colleague

Based on what I've seen, I WON'T be buying a new PC. XP (and Windows 2000) are FINE for anything I can think of running or that I need to run...

Roger that exactly.

'Stein 150 Lapsed Skeptic Team Colleague

Heh enlighten the troll.

By multiple desktops, do ya mean where ya have multiple monitors attached to the same computer, and the mouse can go between either screen and such?

Thanks.