'Stein 150 Lapsed Skeptic Team Colleague

Damn, the Nail infection's still there.

However, since I'm not at my house, I don't have links to any of the tools and such, SO, I'll get back to ya about it later tnite (hopefully 5-7 pm)

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Alrite, that log looks clean.

Are ya still having problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, alrite. We'll leave that folder alone for a minute. Open HJT and fix the following:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKCU\..\Run: [Lnttgc] C:\WINDOWS\system32\F?nts\?ti2evxx.exe
O4 - HKCU\..\Run: [Aceu] "C:\WINDOWS\System32\YMANTE~1\nslookup.exe" -vt ndrv
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com

After this, restart the computer and post a new log back here.

If some of those entries come back, we'll have to try another scanner.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Let's do both: Fix it using HJT, and then after, reboot into Safe mode and manually delete it. If it won't let ya delete it, report back here and we'll issue Killbox.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm...that IS odd.

Ah, try looking inside the System32 folder for other folders that could be similar (where the ? is any letter)

Possibilities are:

Fants
Funts
etc...

Report back on what ya find.

Thanks.
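The post above asks for System32 folders whose name is "Fonts" with one letter swapped. This is an added example of mine, not code from the thread, that searches a folder listing for exactly that: names one character away from the real one, names that only differ by padding or case, and, going a step beyond the post, substitutions that use a non-ASCII look-alike letter. The sample listing is constructed; `scan_directory` runs the same check against a real path.

```python
import os
import unicodedata

# Constructed listing standing in for a System32 folder. The third name contains a
# Cyrillic letter in place of the Latin "o", the kind of substitution a log would
# print as "F?nts".
SAMPLE_DIRS = ["Fonts", "Fants", "F\u043ents", "drivers", "Funts", "fonts ", "Macromed"]


def describe_char(ch):
    """Human-readable name for a character, so a look-alike letter is obvious in output."""
    return unicodedata.name(ch, "unknown character")


def lookalikes(names, legit="Fonts"):
    """Return (name, why) for every entry that could pass for `legit` at a glance."""
    hits = []
    for name in names:
        if name == legit:
            continue
        # Same letters, but padded with whitespace or with different case.
        if name.strip().lower() == legit.lower():
            hits.append((name, "same letters as the real folder, padded or re-cased"))
            continue
        # Same length with exactly one differing character (the "F?nts" pattern).
        if len(name) == len(legit):
            diffs = [i for i, (a, b) in enumerate(zip(name.lower(), legit.lower())) if a != b]
            if len(diffs) == 1:
                i = diffs[0]
                why = f"position {i}: {name[i]!r} ({describe_char(name[i])}) instead of {legit[i]!r}"
                hits.append((name, why))
    return hits


def scan_directory(path, legit="Fonts"):
    """Apply lookalikes() to the real sub-folders of `path`, e.g. C:\\WINDOWS\\system32."""
    subdirs = [n for n in os.listdir(path) if os.path.isdir(os.path.join(path, n))]
    return lookalikes(subdirs, legit)


if __name__ == "__main__":
    for name, why in lookalikes(SAMPLE_DIRS):
        print(f"{name!r}: {why}")
```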

'Stein 150 Lapsed Skeptic Team Colleague

Well first off, I see one major problem with the log--it was run from a *.tmp folder.

To fix this:

Open Program Files, and create a new folder here. Name it 'HJT'. Now, drag the current HJT icon into this folder and run a new scan, posting back the log here.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Arg, stupid me. I KNOW THE problem :mad: . Disable SpyBot Teatimer, and then try SmitFraudFix once again.

But other than that....Heh GOOD JOB. I don't see that specific infection in there. However, a few more need fixing:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - (no file)
O20 - Winlogon Notify: winaqr32 - winaqr32.dll (file missing)

Ok, fix these, restart the computer, and post back here with a new HJT log, and the SmitFraudFix log.

Thanks....and sorry for me being so stupid

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, let's try doing this (the log looks great by the way).

Uninstall the program that keeps holding up Adaware. Fully uninstall it.

Then, try running adaware, and see what happens.

Post back with results.

Lastly, PLEASE be patient...we all work here on free time FOR free...

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

OK, several things to do before the fix Tijay posted. You are INFESTED. And, we're gonna fix the Nail infection before the AntiSpylab one.

SO, follow the instructions below FIRST (before the ones in the last post):


BEGIN by uninstalling any of the following via the Add/Remove Programs list:

MyWebSearch
EbatesMoeMoneyMaker4
BestOffers Shopping
Viewpoint Manager
Desktop Weather
TimeSink

Step 1.
==========

- Please download DSRFix from here
- Extract\unzip the files to your Desktop
(Note: Do NOT run this yet)

Step 2.
==========

Please download Ewido Security Suite from here. It is a free version of the program.

  1. Install ewido security suite
  2. When installing the program, under "Additional Options" uncheck...
    • Install background guard
    • Install scan via context menu
  3. Launch ewido, there should now be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files:
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
  8. Close Ewido Security Suite

'Stein 150 Lapsed Skeptic Team Colleague

Looks good to me.

Any more problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Here's the full fix:

Begin by uninstalling the following program via the Add/Remove Programs list:

Spyware Begone

Now, open HJT and fix the following entries:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080
F2 - REG:system.ini: Shell=Explorer.exe sysinit32z.exe
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan

Now, restart the computer and run Ewido:

Begin by downloading Ewido Security Suite.

  • Install ewido security suite
  • When installing, under "Additional Options" uncheck...
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click Update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display "Update successful"
  • Click on Scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or …
'Stein 150 Lapsed Skeptic Team Colleague

Hmmm, well the HJT log is clean, and it seems that SFF took out all the infected folders. However, there's still a possibility of it.

1) Open Ewido, update full definitions, and run a full scan in safe mode, saving the log.

2) We're gonna run CCleaner:

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every …

'Stein 150 Lapsed Skeptic Team Colleague

heh yep, ya got a couple infections.

BUT, let's see what Ewido/CCleaner will pick up first.

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\Local Settings\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

After doing this, …

'Stein 150 Lapsed Skeptic Team Colleague

Alrite, let's do 2 things.

First, let's use CCleaner to clean things out.

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\Local Settings\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

After doing this, move back to …

'Stein 150 Lapsed Skeptic Team Colleague

Awesome.

If ya could do one more thing it'd be great. Could ya mark the thread as solved?

Thanks again :)

'Stein 150 Lapsed Skeptic Team Colleague

Heh well I'm a big AIM fan, but once I got Titan, I hated it really badly, so I just switched to Trillian (which is a massive IM, consisting of AIM, MSN, Yahoo, and ICQ). So basically, I have the best of 2 worlds, because I use both MSN and AIM.

But ya, that's my rundown.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Arg, let's try Adaware now.

Please do the following: Download, install, update, configure, and run Ad-Aware SE Personal 1.06.

  • Download Ad-Aware SE Personal 1.06:
  • Install Ad-Aware SE Personal
    • Double-click on aawsepersonal.exe to install the program.
    • Follow the default settings for installation.
    • After the program has finished installing, uncheck the "Perform a full system scan now", "Update definition file now", and "Open the help file now" boxes.
  • Update Ad-Aware SE Personal
    • Double-click the Ad-Aware SE Personal icon on your Desktop.
    • Click "Check for updates now" then click "Connect".
    • It will check for any updates. If any are found click "OK" to download and install the updates. Once it has finished click "Finish".
  • Configure Ad-Aware SE Personal
    • Click on the Gear button at the top of the window.
    • Click "General" on the left hand side to display the General Settings box.
      • Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark:
        • "Automatically save logfile"
        • "Automatically quarantine objects prior to removal"
        • "Safe Mode (always request confirmation)"
        • "Prompt to update outdated definitions" - change to 7 days from the default 14.
    • Click "Scanning" on the left hand side to display the Scan Settings box.
      • Make sure the following items have a green check/tick next to them. If they do not, click once on …
'Stein 150 Lapsed Skeptic Team Colleague

Hmm good. It was there, and was found.

A couple things.

Was that the log that came up from ONLY using option 1?

If so, do the same thing, except run option 2 (type '2' instead of '1')

If ya already ran option 2, stay put.

________

Ok, after doing that, run HJT again and post a new log back here.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Normal please.

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, ya found it :)

Alrite, we need to have a HijackThis log to diagnose the problem.

Download HijackThis (current version is v1.99.1)

or here (Alternate 1, a self-extracting zip file)
or here (Alternate 2, an *.exe file)

Make a new folder to put your HijackThis.exe into.

(Anywhere on your hard drive is fine other than your Desktop or the Temp folder. Suitable examples are:

  • C:\HijackThis\
  • C:\Programs\hijackthis\
  • C:\Windows\My Documents\HJT\

but feel free to use any name.)

Extract and save the HijackThis download to the new folder you made. Then navigate to it and run HijackThis from there. (This is to ensure it makes the necessary backups for recovery if fixes are made.) Then, double-click HijackThis.exe, and click Scan.

When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that and copy & paste its contents in your reply. Most of what it lists will be harmless or even essential, don't try to fix anything yourself.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, well ya definitely have a SpyAxe infection. And, what I'm thinking is that maybe ya ran SmitFraudFix wrong.

SO, what we're gonna do is sorta rerun it, except with a twist.

Follow the directions below:

Alrite, you're infected with a SpyAxe variant.

Let's begin by downloading SmitfraudFix. Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
______________________________

You will need to update Ewido to the latest definition files.

  • On the left-hand side of the main screen click the Update Button.
  • Click on Start.

The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido.

If you are having problems with the updater, you can use this link to manually update Ewido. Make sure to close Ewido before installing the update.

Next, download CCleaner, specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the …

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, clean log.

2 things

1) Can ya tell me again which folder it keeps getting caught at?

and 2) we're gonna run a complete startup list.

SO, here's the directions for it:

Open HJT, and go to 'Config' > 'Misc Tools'

Now, check the box for "List also minor sections"

Now, click 'Generate StartupList log'

Post that back here.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Heh no, I'm happy you're checkin.

YES, do the same for LocalService and NetworkService.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

lol no worries....just as long as you're back into the spyware forums :cheesy:

We're glad to have ya.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Ahh, about the CWS thing.

(after doing a little research) I see where ya're comin from.

An O1 entry with the same IP is CWS

This below is the CWS

O1 Hosts: auto.search.msn.com 127.0.0.1

However, since the entry here is a R1...I dunno.

Here's the link for where I found it all...it's members only tho...

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, let's do a CCleaner run. (I THINK ya have this program up already. If so, just run 2 scans in each tab, 'Clean' and 'Issues'. If not, follow the directions below.)

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user …

'Stein 150 Lapsed Skeptic Team Colleague

Let's do this:

Download HijackThis (current version is v1.99.1)

or here (Alternate 1, a self-extracting zip file)
or here (Alternate 2, an *.exe file)

Make a new folder to put your HijackThis.exe into.

(Anywhere on your hard drive is fine other than your Desktop or the Temp folder. Suitable examples are:

  • C:\HijackThis\
  • C:\Programs\hijackthis\
  • C:\Windows\My Documents\HJT\

but feel free to use any name.)

Extract and save the HijackThis download to the new folder you made. Then navigate to it and run HijackThis from there. (This is to ensure it makes the necessary backups for recovery if fixes are made.) Then, double-click HijackThis.exe, and click Scan.

When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that and copy & paste its contents in your reply. Most of what it lists will be harmless or even essential, don't try to fix anything yourself.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, outta curiosity, caperjack, why would ya run cwshredder?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm let's do this to determine whether ya have it or not.

Let's begin by downloading SmitfraudFix. Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer, so it will take some time to run. When done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive.

IMPORTANT: Do NOT run any other options until you are asked to do so!

Now, post this log back to us.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, well that's a clean HJT log.

Are ya still having problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, let's do this.

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\Local Settings\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

After doing this, move back to the 'Cleaner' tab, and inside this, be sure your open …

'Stein 150 Lapsed Skeptic Team Colleague

Good good.

2 things.

1) Follow these instructions:

We need to re-hide system files. To do so, please follow the steps below:

  1. Double-click My Computer.
  2. Click the Tools menu, and then click Folder Options.
  3. Click the View tab.
  4. Put a check by "Hide file extensions for known file types."
  5. Under the "Hidden files" folder, select "Show hidden files and folders."
  6. Check "Hide protected operating system files."
  7. Click Apply, and then click OK.

2) Could ya please mark the thread as solved?

Thanks again :)

'Stein 150 Lapsed Skeptic Team Colleague

Not bad. The HJT log's clean.

Do this:

We need to re-hide system files. To do so, please follow the steps below:

  1. Double-click My Computer.
  2. Click the Tools menu, and then click Folder Options.
  3. Click the View tab.
  4. Put a check by "Hide file extensions for known file types."
  5. Under the "Hidden files" folder, select "Show hidden files and folders."
  6. Check "Hide protected operating system files."
  7. Click Apply, and then click OK.

Lastly, are ya still having any problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Oh, one more question.

Does the computer itself crash if it's just on for a while?

Like, start it up and let it sit for a bit. Does it crash?

Thanks.

(and I'm really gonna leave this time heh)

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, well what I'm considering now is fixing with HJT first, and then trying the other things later.

BUT, we'll save that for tmr :)

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Wow...not good.

Do you know of anything like this?

Well, I've seen stuff like this before.

Also, if it crashes in safe mode, it means one of 2 things.

1) it boots with XP software
or
2) it's a hardware/fan problem.
_____

Try running Ewido in Safe mode, see what happens.

Be sure to post back the ewido scan log.

Thanks.

Note: My last post for the nite :)

'Stein 150 Lapsed Skeptic Team Colleague

Heh, whoops, me bad ;)

Alrite, let's begin by uninstalling AIM

Now, reboot into safe mode.

First, fix the following via HJT:

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

Now, delete the following folder:

C:\Program Files\AIM

Now reboot into normal mode and post back here with a new HJT scan.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, if ya could rerun HJT in normal mode and post back here, it'd be great.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Heh. Quick question, is this before or after the fix I left over there? If BEFORE, follow this fix. If After, ignore it...
___________________

Hmm, some entries look fishy.

First, begin by uninstalling the following via Add/Remove Programs:

WeatherBug
Desktop Weather
HbTools
Hotbar

Next, place checks by the following:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers...meLeftPane.htm
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.7.0\HbtHostIE.dll
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.7.0\HbtHostIE.dll
O4 - HKLM\..\Run: [lucsvdnv] C:\WINDOWS\system32\lpdtarmc.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"

After doing this, use Killbox:

Copy this advice to a Notepad file. Save it to your desktop. We will use it later.

1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox.

4) Select "Delete on Reboot".

5) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\system32\lpdtarmc.exe

6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on …

'Stein 150 Lapsed Skeptic Team Colleague

Welcome to Daniweb :)

Well, ya got several infections. Begin by fixing the following with HJT:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O4 - HKLM\..\Run: [defender] C:\windows\defender1.exe
O4 - HKLM\..\Run: [newname] c:\\newname18.exe
O4 - HKLM\..\Run: [{9C-C6-65-50-ZN}] c:\windows\system32\ppdsregq.exe CORN004
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\qwinqqaf.exe CORN004
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\qwinqqaf.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540012} (CInstall Class) - http://www.funnytaf.com/fun/installer/Install.cab
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\dp16gt.dLL (file missing)
O23 - Service: Userinit Logon Verification (UsrInitVerif) - Unknown owner - C:\WINDOWS\userinit.exe

After this, use Killbox:

Copy this advice to a Notepad file. Save it to your desktop. We will use it later.

1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, some entries look fishy.

First, begin by uninstalling the following via Add/Remove Programs:

WeatherBug
Desktop Weather
HbTools
Hotbar

Next, place checks by the following:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers...meLeftPane.htm
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.7.0\HbtHostIE.dll
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.7.0\HbtHostIE.dll
O4 - HKLM\..\Run: [lucsvdnv] C:\WINDOWS\system32\lpdtarmc.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"

After doing this, use Killbox:

Copy this advice to a Notepad file. Save it to your desktop. We will use it later.

1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox.

4) Select "Delete on Reboot".

5) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\system32\lpdtarmc.exe

6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly …
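Across the posts above, the helper singles out HJT entries by a small set of recurring patterns: rewritten IE proxy settings (R1), an extra program chained onto Shell= (F2), a hosts-file mapping of a search domain (O1, the CWS indicator), a BHO with no name or file (O2), Run entries whose path HJT could not print or that point at a bare executable in system32 (O4), Trusted Zone additions (O15), a Winlogon Notify DLL that is missing (O20) and an unknown-owner service outside system32 (O23). The following is an added example of mine, not code from the thread or from HijackThis, that applies those rules to constructed log lines modelled on the ones quoted in these posts; the thresholds (for instance 6 to 10 lowercase letters for a "random-looking" name) are my own heuristic choices.

```python
import re
from dataclasses import dataclass

# Constructed sample, modelled on the entries the helper asked to fix in this thread.
# The AIM line is included as a control: it should not be flagged by these rules.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080
F2 - REG:system.ini: Shell=Explorer.exe sysinit32z.exe
O1 - Hosts: auto.search.msn.com 127.0.0.1
O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - (no file)
O4 - HKCU\..\Run: [Lnttgc] C:\WINDOWS\system32\F?nts\?ti2evxx.exe
O4 - HKLM\..\Run: [lucsvdnv] C:\WINDOWS\system32\lpdtarmc.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O15 - Trusted Zone: *.sony-europe.com
O20 - Winlogon Notify: winaqr32 - winaqr32.dll (file missing)
O23 - Service: Userinit Logon Verification (UsrInitVerif) - Unknown owner - C:\WINDOWS\userinit.exe
"""

# HJT entries start with a section tag (R0-R3, F0-F3, N1-N4, O1-O24) followed by " - ".
HJT_LINE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_line(line):
    """Split one HijackThis line into (section tag, body); None for headers and blanks."""
    m = HJT_LINE.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None


def run_target(body):
    """Return the command after the [Name] tag of an O4 Run entry."""
    body = body.strip()
    m = re.match(r"\[[^\]]*\]\s*(.*)$", body)
    return m.group(1).strip() if m else body


def check(section, body):
    """Return why an entry deserves a look, or None if none of the thread's rules fire."""
    if section == "R1" and ("ProxyServer" in body or "ProxyOverride" in body):
        return "IE proxy setting changed; browser traffic may be redirected"
    if section == "F2" and body.startswith("REG:system.ini: Shell="):
        shell = body.split("Shell=", 1)[1].split()
        if [s.lower() for s in shell] != ["explorer.exe"]:
            return "extra program chained onto the Windows shell: " + " ".join(shell[1:])
    if section == "O1":
        m = re.match(r"Hosts:\s+(\S+)\s+(\S+)", body)
        if m and m.group(1).lower() != "localhost":
            return f"hosts file maps {m.group(1)} to {m.group(2)} (the CWS indicator in this thread)"
    if section == "O2" and ("(no name)" in body or "(no file)" in body):
        return "BHO with no name or no file on disk"
    if section == "O4" and "Run:" in body:
        target = run_target(body.split("Run:", 1)[1])
        if "?" in target:
            return "autostart path contains characters HJT could not print"
        # Heuristic: a bare 6-10 letter lowercase .exe dropped straight into system32.
        if re.search(r"\\system32\\[a-z]{6,10}\.exe(\s|$)", target, re.I):
            return "lowercase executable directly in system32 autostarting via Run (heuristic)"
    if section == "O15":
        return "site added to the IE Trusted Zone, which relaxes IE's security for it"
    if section == "O20" and "(file missing)" in body:
        return "Winlogon Notify entry whose DLL is missing (orphaned or hidden file)"
    if section == "O23" and "Unknown owner" in body and re.search(r"\\windows\\[^\\]+\.exe$", body, re.I):
        return "unknown-owner service running from the Windows root instead of system32"
    return None


def triage(log_text):
    """Run every line of an HJT log through check() and collect the hits in log order."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        reason = check(*parsed)
        if reason:
            findings.append(Finding(parsed[0], reason, raw.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.line}")
```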

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, that definitely sounds like a midrange virus to me.

Let's start with Ewido/CCleaner and see what they take out.

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\Local Settings\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

'Stein 150 Lapsed Skeptic Team Colleague

EDIT: Fix this line before running the fix below:

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl


Let's run Ewido/CCleaner. (I think ya know the drill), but here's the instructions anyways:

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents …

'Stein 150 Lapsed Skeptic Team Colleague

HJT log....heh, post when ya get the chance :)

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Welcome to Daniweb :)

Ug, there's some stuff in that log I don't like.

Let's clean it a tad before we fix with it.

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\Local Settings\History
C:\Documents and Settings\<Every …
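The Folder Options steps and the CCleaner folder list above are repeated in several of 'Stein's posts. The script below is an added example, not code from the thread or from CCleaner: it applies the same three "View" settings through the Explorer registry values they are stored in, then resolves the listed folders for every user profile that actually exists, so the "skip it if it isn't present" note is handled automatically. It assumes a Windows XP-style profile root under `C:\Documents and Settings` (as the paths in the post use) and the well-known `Explorer\Advanced` value names; the `WebViewBarricade` name for step 5 is an assumption and is labelled as such in the code.

```powershell
# Added example (not from the thread or from CCleaner). Assumes the XP-style
# profile layout used in the post and the Explorer\Advanced registry values below.

$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

# Step 6: "Show hidden files and folders"  (1 = show, 2 = do not show)
Set-ItemProperty -Path $advanced -Name 'Hidden'          -Value 1 -Type DWord
# Step 7: uncheck "Hide file extensions for known file types"  (0 = show extensions)
Set-ItemProperty -Path $advanced -Name 'HideFileExt'     -Value 0 -Type DWord
# Step 8: uncheck "Hide protected operating system files"  (1 = show them)
Set-ItemProperty -Path $advanced -Name 'ShowSuperHidden' -Value 1 -Type DWord
# Step 5: "Display the contents of system folders" -- value name is an ASSUMPTION
Set-ItemProperty -Path $advanced -Name 'WebViewBarricade' -Value 1 -Type DWord
# Explorer reads these on start, so open a new Explorer window (or log off/on) to see the effect.

# Folders the post tells you to add under Options > Custom in CCleaner.
$fixedFolders = @(
    (Join-Path $env:SystemRoot  'Temp'),      # C:\Windows\Temp
    (Join-Path $env:SystemDrive 'Temp'),      # C:\Temp
    (Join-Path $env:SystemRoot  'Prefetch')   # C:\Windows\Prefetch
)
$perUserFolders = @(
    'Local Settings\Temp',
    'Local Settings\Temporary Internet Files\Content.IE5',
    'Local Settings\History',
    'Cookies'
)

# "<Every user listed>": expand over each profile directory that exists.
$profilesRoot = Join-Path $env:SystemDrive 'Documents and Settings'
$candidates = @() + $fixedFolders
if (Test-Path -LiteralPath $profilesRoot) {
    Get-ChildItem -LiteralPath $profilesRoot -Force |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object {
            $userDir = $_.FullName
            foreach ($sub in $perUserFolders) {
                $candidates += (Join-Path $userDir $sub)
            }
        }
}

# "If one of these isn't present, skip it": keep only folders that exist.
$present = $candidates | Where-Object { Test-Path -LiteralPath $_ -PathType Container }

# Report what is there and how much space it holds, without deleting anything;
# the actual cleaning is still done in CCleaner as the post describes.
$present | ForEach-Object {
    $bytes = (Get-ChildItem -LiteralPath $_ -Recurse -Force -ErrorAction SilentlyContinue |
              Where-Object { -not $_.PSIsContainer } |
              Measure-Object -Property Length -Sum).Sum
    if (-not $bytes) { $bytes = 0 }
    New-Object PSObject -Property @{
        Folder = $_
        MB     = [math]::Round($bytes / 1MB, 1)
    }
} | Format-Table Folder, MB -AutoSize
```

The script only changes the Explorer view settings and lists the folders with their sizes; it deliberately does not delete anything, so you can check the list against the post before pasting the paths into CCleaner. On a Vista-or-later machine the profile root is `C:\Users` and the per-user paths differ, so adjust `$profilesRoot` and `$perUserFolders` there.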

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, well that's a clean log.

Are ya still having speed problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, clean it is.

Any questions or any prevailing problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Incredible.

You should charge!

Haha well we sure would make alotta money...

BUT, seeing we all do it for fun...

Haha thanks again, and I'm glad we could help. :)

'Stein 150 Lapsed Skeptic Team Colleague

I'm just gonna say this. You're INFESTED :) But, we can fix everything, so no worries.


Let's begin by uninstalling any of the following via the Add/Remove Programs list:

RL07UWTK
TOOLBAR
TBPS
WinTools
zango

Step 1.
==========

- Please download DSRFix from here
- Extract\unzip the files to your Desktop
(Note: Do NOT run this yet)

Step 2.
==========

Please download Ewido Security Suite from here. It is a free version of the program.

  1. Install ewido security suite
  2. When installing the program, under "Additional Options" uncheck...
    • Install background guard
    • Install scan via context menu
  3. Launch ewido: there should now be an icon on your desktop; double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files:
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
  8. Close Ewido Security Suite

If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates

Step 3.

'Stein 150 Lapsed Skeptic Team Colleague

Tijay, heh I just wanna be sure ya kno what I mean with the 'just because the file's missing doesn't mean it's not there' idea.

I apologize if I'm sounding mean about it all...but I don't intend to be.

Mainly because I learned the same way ya did, posting here :)

Lastly, if ya have any questions about anything here just PM me.

Thanks again....and sorry to distract the thread.