'Stein 150 Lapsed Skeptic Team Colleague

Hmm, well most likely, they're tracking cookies, which, for the most part are harmless.

What is a good idea to do, however, is run CCleaner every week or so.

Directions for this:


Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shut down My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5

'Stein 150 Lapsed Skeptic Team Colleague

Ya, ya removed it again.

Let's do some things:

1) Download Microsoft Beta. This will protect ya even more.

Lastly, download Firefox (link found in my sig). It's a much safer browser to use.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, I don't see anything in the log but this. Fix the following:

O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm...s&btn=yahoomsg (file missing)

And since some different things happened, let's try this again for the heck of it.

Copy this advice to a Notepad file. Save it to your desktop. We will use it later.

1) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

2) Once in Safe Mode, please run Killbox.

3) Select "delete on reboot" and put a check in the "unregister dll" box.

4) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\Downloaded Program Files\CnsHook.dll
C:\WINDOWS\Downloaded Program Files\CnsMin.dll
C:\WINDOWS\Downloaded Program Files\CnsMinIO.dll
C:\WINDOWS\Downloaded Program Files\cnsio.dll
C:\WINDOWS\Downloaded Program Files\CnsHook.dll
C:\WINDOWS\Downloaded Program Files\cnshint.dll

5) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

6) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

Let the system reboot.

Post …

'Stein 150 Lapsed Skeptic Team Colleague

Let's begin by downloading Ewido Security Suite.

  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click Update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display "Update successful"
  • Click on Scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.

Post back here with a new HJT log, and the Ewido scan log.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Welcome to Daniweb.

First, try to uninstall the following via the Add/Remove Program list:

MyWebSearchAssistant
WeatherBug
Viewpoint Toolbar

Next, open HJT and fix the following:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\9.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\9.bin\MWSSRCAS.DLL
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll
O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE 1
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZU
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326

Copy this advice to a Notepad file. Save it to your desktop. We will use it later.

1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox.

4) Select "Delete …

'Stein 150 Lapsed Skeptic Team Colleague

Heh alrite, your HJT folder is in a temporary folder, SO, what we're gonna do is this:

1) create a new folder in Program Files, named 'HJT'.
2) drag the HJT icon into this new folder, and now run HJT from here.

Next, follow this by uninstalling the following programs via Add/Remove Programs:

MessengerPlus3
Internet Optimizer

Now, download the Killbox.
Unzip it to the desktop but do NOT run it yet.

Fix the following entries:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [aLALGC] C:\WINDOWS\sypjp.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZRxdm428YYCA
O15 - Trusted Zone: http://staplescanada.webprint.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/...sb_regular.cab

1) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

2) Once in Safe Mode, please run Killbox.

3) Select "delete on reboot" and put a check in the "unregister dll" box.

4) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\nem220.dll

5) Return …

'Stein 150 Lapsed Skeptic Team Colleague

Arg, alrite. After looking into it, SpySweeper has released a new version, one that doesn't allow for a trial mode anymore. Damn.

Did ya happen to do the other part tho?

Lastly, are ya still having problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Directions for Safe Mode:

http://www.bleepingcomputer.com/tutorials/tutorial61.html#winxo

To get out, all you'll have to do is restart (without hitting F8 or anything).

And yes, the cleaner should have all the same settings while in safe mode.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Cha, clean indeed.

Just be sure to do 1 last thing:

We need to re hide system files. To do so, please follow the steps below:

  1. Double-click My Computer.
  2. Click the Tools menu, and then click Folder Options.
  3. Click the View tab.
  4. Put a check by "Hide file extensions for known file types."
  5. Under the "Hidden files" folder, select "Show hidden files and folders."
  6. Check "Hide protected operating system files."
  7. Click Apply, and then click OK.

Lastly, if ya could mark the thread as solved, it'd be great.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Download HijackThis (current version is v1.99.1)

or here (Alternate 1, a self-extracting zip file)
or here (Alternate 2, an *.exe file)

Make a new folder to put your HijackThis.exe into.

(Anywhere on your hard drive is fine other than your Desktop or the Temp folder. Suitable examples are:

  • C:\HijackThis\
  • C:\Programs\hijackthis\
  • C:\Windows\My Documents\HJT\

but feel free to use any name.)

Extract and save the HijackThis download to the new folder you made. Then navigate to it and run HijackThis from there. (This is to ensure it makes the necessary backups for recovery if fixes are made.) Then, double-click HijackThis.exe, and click Scan.

When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that and copy & paste its contents in your reply. Most of what it lists will be harmless or even essential, don't try to fix anything yourself.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

GOOD good, it looks to be gone.

Fix this one more time:

O2 - BHO: CCfg Object - {40205287-E793-41AC-B95C-D8D064BA33CA} - C:\WINDOWS\system32\mscfg.dll (file missing)

And post back a new log.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Ok, let's try this with killbox:

1) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

2) Once in Safe Mode, please run Killbox.

3) Select "delete on reboot" and put a check in the "unregister dll" box.

4) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:


C:\WINNT\SYSTEM32\cdscsix3.dll

5) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

6) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

Let the system reboot.

'Stein 150 Lapsed Skeptic Team Colleague

Heh, alrite. Well first, I see some things wrong with the running processes, SO, what we're gonna do is run CCleaner...


Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shut down My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

'Stein 150 Lapsed Skeptic Team Colleague

Heh ya, it's alrite to keep those sites on there.

First, let's try to uninstall Alexa using these directions.

After this, we're gonna try to get rid of BetterInternet using the Nail fix, simply because they are similarly related.

Step 1.
==========

- Please download DSRFix from here
- Extract\unzip the files to your Desktop
(Note: Do NOT run this yet)

Step 2.
==========

- Please download Ad-Aware SE Personal from here
- Install it and check for updates
- Close Ad-Aware

Step 3.
==========

- Download Ad-Aware's VX2 Cleaner plugin from here
- Make sure Ad-Aware SE Personal is closed then install the VX2 Cleaner
- Start Ad-Aware SE Personal
- Click Add-Ons
- Double-click VX2 Cleaner
- Click OK to start the cleaner tool
- If nothing is found click OK and exit the program.

or

- If malware is found click Clean System
- When it's done click Start in Ad-Aware SE Personal
- Make sure Perform smart system scan is checked\selected
- Click Next
- Let it clean anything it finds

- Close program

Step 4.
==========

- Open the DSRFix folder on your Desktop
- Double click dsrfix.bat to run the program (Note: A DOS window should open and close quickly, this is normal)

'Stein 150 Lapsed Skeptic Team Colleague

Ok, the log's clean.

Heh ya, I'd defrag, but not just yet.

I wanna try 2 things.

1)
Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shut down My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

'Stein 150 Lapsed Skeptic Team Colleague

Good idea :)

However, SmitfraudFix won't do much for ya. I'd recommend just deleting it.

Also, be sure to do this:

We need to re hide system files. To do so, please follow the steps below:

  1. Double-click My Computer.
  2. Click the Tools menu, and then click Folder Options.
  3. Click the View tab.
  4. Put a check by "Hide file extensions for known file types."
  5. Under the "Hidden files" folder, select "Show hidden files and folders."
  6. Check "Hide protected operating system files."
  7. Click Apply, and then click OK.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm ok, let's do this.

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shut down My Computer.
10. Now your computer is configured to show all hidden files.

Reboot into safe mode, and delete the following folder (it should be on the desktop):

C:\Documents and Settings\Roberta nad Aaron\Desktop\aimfix_quarantine

Now be SURE to empty the Recycle Bin.

Reboot into normal mode, and then download and run SpySweeper (link in my sig below).

Run a full scan, saving the log.

Post back here with the SpySweeper log and a new HJT log.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, let's try this.

Download SpySweeper (link in my sig below) and run a full scan.

Post a log back here, along with a new HJT log.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Probably, we have to ask you to post your problem inside a new thread.

We'll help ya from there.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Haha o well....I know that feeling.

If ya could just mark the thread as solved, it'd be great.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Ok, let's try this 1 more time, and if this doesn't work, we'll have to try something else:

Copy this advice to a Notepad file. Save it to your desktop. We will use it later.

1) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

2) Once in Safe Mode, please run Killbox.

3) Select "delete on reboot" and put a check in the "unregister dll" box.

4) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\system32\mscfg.dll

5) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

6) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

Let the system reboot.

Post back here with a new HJT log.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Jefi, if ya could post in a new thread, we'll help ya there.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Heh jeez, that's crazy.

Ya kno what, run Ewido again, and post a new HJT log.

That's the 1 major problem with System Restore...it really does restore EVERYTHING...including spyware.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Arg, I hate this problem.

I'm wondering, why do I have to hide folders?

Heh, ya don't. I just make it a general issue to instruct the victim to close them up, so they don't do damage (if they don't know too much). But ya, it's cool if ya keep them open :)

Hmm, what I'm thinking now, is the possibility that it's freezing up because of alotta programs running.

Post back a log, and we'll see what we can fix.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, well I'm having a slight feeling this blue-screen of death is due to a virus.

With luck, the scans we're gonna run after this fix might clear it.

And ya, the fix I jus posted doesn't need safe mode (I think...)

Heh if I missed somethin, post back and we'll work from there.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm alrite, let's try using regedit.

Open Start > Run, and type in 'regedit' (without the quotes). Navigate to the entry ya wanna delete, and right click it, choosing 'delete'.

Post back here on results.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, don't see it in the log anymore. In fact, the log's clean.

Begin by downloading Ewido Security Suite.

  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click Update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display "Update successful"
  • Click on Scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.

Now, post the scan log back here, and we'll verify you're clean.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Haha yep, ya sure do got SpyFalcon, which is a variant of SpyAxe.

Let's begin by downloading SmitfraudFix. Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
______________________________

Next, download the trial version of Ewido.

  • Install Ewido.
  • When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
  • When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
  • The program will prompt you to update. Click the Ok button.
  • The program will now go to the main screen.

You will need to update Ewido to the latest definition files.

  • On the left-hand side of the main screen click the Update Button.
  • Click on Start.

The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido.

If you are having problems with the updater, you can use this link to manually update Ewido. Make sure to close Ewido before installing the update.

Next, download CCleaner, specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark

'Stein 150 Lapsed Skeptic Team Colleague

Damn, you're right. Stupid me...:(

Yoshi, please post a new log as asked by Tayspern.

'Stein 150 Lapsed Skeptic Team Colleague

Out of curiosity, does this problem with right clicking happen EVERY time, or just when ya try it right after startup?

Also, have ya tried a defragmentation?

Lastly, do this to restore hidden folders:

We need to re hide system files. To do so, please follow the steps below:

  1. Double-click My Computer.
  2. Click the Tools menu, and then click Folder Options.
  3. Click the View tab.
  4. Put a check by "Hide file extensions for known file types."
  5. Under the "Hidden files" folder, select "Show hidden files and folders."
  6. Check "Hide protected operating system files."
  7. Click Apply, and then click OK.

Lastly, is the problem still there after the CCleaner/Ewido?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Alrite great.

Let's run this first:

1. Please download AIMFix from here.

2. Run the program

3. REBOOT your system

4. Post back a new HJT log

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Awesome. Nice new thread :)

Let's start by doing this:

1. Please download AIMFix from here.

2. Run the program

3. REBOOT your system

4. Post back new HJT log.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Arg, that sounds pretty virus-like.

Let's try running the *.exe version of HJT.

Download using this link:

http://downloads.malwareremoval.com/HijackThis.exe

If that doesn't work, post back and we'll work from there.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Nooro.

Go here and look for a button above the list of posts that says 'Start a new Thread'

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, I see no major problems in the log. However, fix the following:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.95.4:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = webmail.wesley.wa.edu.au;portal.wesley.wa.edu.au/NetStorage/;www.deviantart.com;<local>
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - blank (file missing)

After this, continue by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shut down My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user …

'Stein 150 Lapsed Skeptic Team Colleague

Namine, please start a new thread with this problem.

Don't 'piggyback' onto another thread.

We'll help ya in the new thread.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Heh my bad, I apologize.

You're pretty infected, but we can fix all of it. Let's do this.

Open Program Files (My Computer > Local Disc (C: ) > Program Files).
When ya open it, right click, and create a new folder here. Name it 'HJT'.

Now, drag the HJT program icon into this new folder.
__________________________

NOTE: Some of this process will be done while in safe mode. Save them to a Notepad file, as you will not be able to access the internet while in Safe Mode.

After doing this, follow up by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shut down My Computer.
10. Now your computer is configured to show all hidden …

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, it worked. And, the log's clean.

Follow these instructions to rehide hidden folders:

We need to re hide system files. To do so, please follow the steps below:

  1. Double-click My Computer.
  2. Click the Tools menu, and then click Folder Options.
  3. Click the View tab.
  4. Put a check by "Hide file extensions for known file types."
  5. Under the "Hidden files" folder, select "Show hidden files and folders."
  6. Check "Hide protected operating system files."
  7. Click Apply, and then click OK.

Lastly, are ya still having problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Haha awesome.

Ok, for protection, I would recommend:

1) Antivirus - AVG (free)
2) AntiSpyware 1 - Ewido (free)
3) AntiSpyware 2 - Microsoft Defender (free)
4) Software Firewall - Zone Alarm (free)

I would download and keep running all of these.

AVG
Microsoft Defender
Zone Alarm

If ya could mark this thread as solved, it'd be great.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

I don't see anything else in the log--it's clean again.

Are ya still having problems?

If yes, download SpySweeper (link in my sig below).

Download, update definitions, and run it.

Post a run log back here after ya run it.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, well the log is clean. However, let's try 2 things.


Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shut down My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

After doing this, move back to the 'Cleaner' …

'Stein 150 Lapsed Skeptic Team Colleague

Personally, it seems more like a glitch than anything else.

If it was me, I would just stick with FireFox and not worry too much.

Safety Issues - Just be sure to run Ewido 1ce a week or so, and run Norton every once in a while, and ya should be fine.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Ok, let's fix these with HJT:

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/24d29e460517ab9...p/RdxIE601.cab

Now, download Spysweeper and run a full scan, saving the log:

http://www.webroot.com/shoppingcart/tryme.php?bjpc=64021&vcode=DT02A

Post back here with a new HJT log, and the SpySweeper log,

Thanks.
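A small triage parser for HijackThis entries like the ones quoted in these posts, as an added example that is not part of the original posts and not HijackThis's own code. The sample lines are copied from posts on this page; the section descriptions and the function names (`parse_line`, `triage`, `orphaned`) are this example's own assumptions.

```python
import re

# Usual meaning of the HijackThis section codes that appear on this page.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE search page or proxy setting",
    "R3": "URL search hook", "O2": "Browser Helper Object",
    "O4": "autostart entry", "O6": "IE options locked by policy",
    "O9": "extra IE button or menu item", "O15": "Trusted Zone site",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O21": "ShellServiceObjectDelayLoad autorun", "O23": "Windows service",
}
LINE_RE = re.compile(r'^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$')
CLSID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)
ORPHAN_RE = re.compile(r'\((?:file missing|no file)\)')

# Sample entries copied from posts on this page.
SAMPLE = r"""
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O21 - SSODL: ECCEBHCG - {2D3033ED-1E8A-1569-3317-1FDD6211340E} - C:\WINDOWS\System32\Dakgiood.dll (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
"""

def parse_line(line):
    """Split one log line into section code, CLSID, file path and orphan flag."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # blank lines, headers, running-process lines
    body = m.group("body")
    clsid, path = CLSID_RE.search(body), PATH_RE.search(body)
    return {"code": m.group("code"),
            "meaning": SECTIONS.get(m.group("code"), "unknown section"),
            "clsid": clsid.group(0) if clsid else None,
            "path": path.group(0) if path else None,
            "orphaned": bool(ORPHAN_RE.search(body))}

def triage(log_text):
    """Parse every recognisable entry in a pasted log."""
    return [e for e in map(parse_line, log_text.splitlines()) if e]

def orphaned(entries):
    """Entries whose target file is gone: leftover registry references."""
    return [e for e in entries if e["orphaned"]]

if __name__ == "__main__":
    for e in triage(SAMPLE):
        flag = "ORPHANED" if e["orphaned"] else "review"
        print(f'{e["code"]:>3}  {e["meaning"]:<40} {flag:<9} {e["path"] or e["clsid"] or ""}')
```

Entries flagged as orphaned point at a file that no longer exists, so they are leftover registry references; everything else still needs a human to judge whether the referenced file or setting is legitimate.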

'Stein 150 Lapsed Skeptic Team Colleague

Ok, check the following in HJT, and after checking, hit 'Fix checked':

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

After doing this, continue by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are …

'Stein 150 Lapsed Skeptic Team Colleague

Ja, log's clean :)

Let's finish up by flushing out your System Restore points, as they seem pretty infected:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis.

Lastly, are ya having any more problems? If so, post back here.

If not, mark this thread as solved, and we wish ya luck keeping clean.

Thanks again :)

'Stein 150 Lapsed Skeptic Team Colleague

Ok, couple things.

First, uninstall 'Save' or 'WhenUSave', and 'Network Monitor' from the Add/Remove Programs list.

Then, fix the following with HJT:

O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O21 - SSODL: ECCEBHCG - {2D3033ED-1E8A-1569-3317-1FDD6211340E} - C:\WINDOWS\System32\Dakgiood.dll (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

Then, reboot into safe mode and delete the following folders:

C:\Program Files\Save
C:\Program Files\Network Monitor

Now, copy this advice to a Notepad file. Save it to your desktop. We will use it later.

1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox.

4) Select "delete on reboot" and put a check in the "unregister dll" box.

5) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\System32\Dakgiood.dll

6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a …

'Stein 150 Lapsed Skeptic Team Colleague

Welcome to daniweb :)

We're gonna do 2 things.

1)

1. Please download AIMFix from here.

2. Run the program

3. REBOOT your system

And after this,

2)

Download HijackThis (current version is v1.99.1)

or here (Alternate 1, a self-extracting zip file)
or here (Alternate 2, an *.exe file)

Make a new folder to put your HijackThis.exe into.

(Anywhere on your hard drive is fine other than your Desktop or the Temp folder. Suitable examples are:

  • C:\HijackThis\
  • C:\Programs\hijackthis\
  • C:\Windows\My Documents\HJT\

but feel free to use any name.)

Extract and save the HijackThis download to the new folder you made. Then navigate to it and run HijackThis from there. (This is to ensure it makes the necessary backups for recovery if fixes are made.) Then, double-click HijackThis.exe, and click Scan.

When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that and copy & paste its contents in your reply. Most of what it lists will be harmless or even essential; don't try to fix anything yourself.

Post back here with the HJT scan log.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Umm...ya never moved the icon from the initial folder, as asked by the first post.

Fix this and post a new scan, and we'll work from there.

Thanks. :)

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, it's still there.

Let's try doin this:

Begin by downloading SmitfraudFix. Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
______________________________

Next, download CCleaner, specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every …

'Stein 150 Lapsed Skeptic Team Colleague

Hello, welcome to Daniweb :)

Let's begin by going to the Add/Remove Programs (inside the Control Panel), and uninstalling anything having to do with the following:

isrvs
VIP Quality Software
EmpirePoker
Bodog Poker

Let's follow this up by downloading Ewido Security Suite.

  • Install ewido security suite
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click Update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display "Update successful"

    -=-=-=-=-=-=-==-==-=-= End here to download but not scan -=-=-=-=-=-=-==-==-=-=

  • Click on Scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.