Posts by 'Stein

Post a HJT thread in the Virus forum.

Thanks.

http://evanz.org/quixotic/846/converting-flac-to-mp3aac-or-how-to-use-all-that-free-live-music-floating-about-on-the-web

...but generally what you’re looking for is free software that converts FLAC to .aiff, which is the most common conversion type. If you find one that converts to .mp3, you’re ahead of the game. Just be sure the mp3 quality is ok, because that’s a big loss to go directly from FLAC to MP3.

And a search of download.com turns up some stuff.

Try this one: http://www.download.com/Top-CD-Ripper-and-Converter/3000-2140_4-10405994.html?tag=lst-0-10

Umm....there's a better place for this....

I think they are sometimes, but it depends on the filters.

Heh sorry for a late reply, but I personally would go with AVG as the resident, and Avast as the manual second.

Thanks.

Simply the fact that Rashakil's icon sorta looks like the baby corpse from the Omen (as in, the newly released movie) heh

Heh it sounds pretty bad to me (sry, ive been away for a bit).

I dont kno much to tell ya...im more of a software guy, but ya..it sounds like toast to me :)

Yes, true.

Roger that nizzy.

Well I'm sure ya all kno how to bypass the Google Images filter and such without using a proxy.

1) Google.de

2) Now, go to advanced settings, and set the main language back to english

3) search pictures away :)

Then again, our WebSense filter's pretty lax anyways...

Awsome. Well I hope we can cure ya :)

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://forums.subratam.org/index.php?act=Attach&type=post&id=43811
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/clientapps/Au...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/clientapps/Au...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/clientapps/Au.../www.yahoo.com
O4 - HKLM\..\Run: [killall] 10010.exe
O4 - HKLM\..\Run: [XTermInit] bhoserv.exe
O4 - HKLM\..\Run: [dmpoo.exe] C:\WINDOWS\system32\dmpoo.exe
O4 - HKCU\..\Run: [AliceSD] srbho.exe
O4 - HKCU\..\Run: [borlandg] init32.exe
O4 - HKCU\..\Run: [sbin] MONITER.exe
17 - HKLM\System\CCS\Services\Tcpip\..\{49E541F6-D8D4-43B7-8808-DCFDBE3F7A2A}: NameServer = 85.255.116.102,85.255.112.230
O17 - HKLM\System\CCS\Services\Tcpip\..\{95EE744F-66D6-4268-B749-C1FEBEAB3F10}: NameServer = 85.255.116.102,85.255.112.230
O17 - HKLM\System\CCS\Services\Tcpip\..\{F65C358F-E0EE-4654-8706-4951762A3AEA}: NameServer = 85.255.116.102,85.255.112.230

Click Fix Checked. Close HijackThis, and click OK to proceed.

At the end of the fix, you may need to restart your computer again.

Finally, please post …

Looks good to me.

Ya still having problems?

Thanks.

Ja, they should.

Let's try this again.
____________

Begin by opening the Add/Remove Programs list and uninstall the following programs:

PartyPoker
PartyGaming

Now, open HJT and place checks next to the following:

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

Now, restart into Safe Mode and delete the following folder:

C:\Program Files\PartyGaming

Ok, now reboot back into normal mode.

Lastly, your Java is out of date. This is sort of important to fix.

Update the latest version from here.

Post back here with a new log.

Lastly, are ya having any more problems?

Thanks.

Heh it's alrite, no worries :)

Just be sure to post back (after youre back into it) with the HJT log and the Ewido scan log.

Thanks.

The log looks good to me :)

And yes, be sure to run what T perscribed above.

Thanks.

Ya, what he said :)

And ya, after doing that, a new HJT would be incredible.

Thanks.

P.S. I'll do the hijack thing later. I'm kind of in the middle of something right now.

Good, that's what I was about to ask for :)

But ya, if it's in the System Volume Information (a.k.a System Restore)...the easiset way to clean it is to flush out the System Restore points.

For directions with this, simply post back.

Thanks.

Alrite, couple more entries to fix:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
O4 - HKLM\..\Run: [TrustInstaller] "D:\Setup.exe"
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab

Awsome, now we're gonna run CCleaner to clean some more:

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files". 9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user …

did a bit of research

Look! Somebody bright enough to do research themselves!

Heh good job :) And awsome job researching.

Thanks.

Roger that, it's a clean log.

However, I just want to be sure of 1 thing--this was run in Normal Mode (not Safe mode), right?

Lastly, are ya having any problems?

Thanks.

Awsome, looks clean to me :)

Are ya having any more problems?

Thanks.

Heh it's cool.

Try disabeling Panda Antivirus before downloading again.

O ya, and by the way, this isn't abnormal--oftentimes AVs accuse other AVs of being spyware and such.

Thanks.

Hmm, definitely sounds like spyware to me.

I'm going to move your thread into the Viruses/Spyware/Nasties forum.

In the meantime:

Download HijackThis (current verison is v1.99.1)

or here (Alternate 1, a self-extracting zip file)
or here (Alternate 2, an *.exe file)

Make a new folder to put your HijackThis.exe into.

(Anywhere on your hard drive is fine other than your Desktop or the Temp folder. Suitable examples are:

• C:\HijackThis\
• C:\Programs\hijackthis\
• C:\Windows\My Documents\HJT\

but feel free to use any name.)

Extract and save the HijackThis download to the new folder you made. Then navigate to it and run HijackThis from there. (This is to ensure it makes the necessary backups for recovery if fixes are made) Then, doubleclick HijackThis.exe, and click Scan.

When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that and copy & paste its contents in your reply. Most of what it lists will be harmless or even essential, don't try to fix anything yourself.

Definitely be sure to include this in your reply.

Thanks.

Heh, sorry for being vague.

When I say 'Fix' I mean this:

1) Open HJT
2) Click 'Scan'
3) Place checks next to the lines mentioned
4) Close ALL windows (including this one), and hit 'Fix checked'

And that's fixing with HJT.

Thanks.

Looks all good to me, except for 2 entries. Fix the following:

O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\system32\winbrume.dll (file missing)
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs

Now, restart the computer and post a log back here. We wanna be sure they really disappear.

I have seen your messages throughout the forum, and I would like to congratulate you on your dedicated hardwork.

Heh thanks. I guess it makes it that much better that I love my hobby, eh? :)

Lastly, are ya having any more problems?

Thanks.

Welcome to Daniweb:)

To clean things up somewhat, we're gonna run a combination of Ewido and CCleaner:

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files". 9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\Local Settings\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

After doing …

Roger that, that's a clean log :)

Are ya having any more problems?

Thanks.

Hmm, disappointingly, I see nothing definitive in your log that points to the problem.

However, I AM suspicious about a couple:

1)ResChanger 2005 - Do you know what this is/use this program?

2)PhotoShow Deluxe Media Manager - Do ya kno what this is/use the program?

____________

Secondly, we're gonna use Adaware and see if it picks up anything else:

Please do the following: Download, install, update, configure, and run Ad-Aware SE Personal 1.06.

• Download Ad-Aware SE Personal 1.06:
  • Download Ad-Aware SE Personal.
  • Save aawsepersonal.exe to a convenient location (eg. the Desktop).
• Install Ad-Aware SE Personal
  • Double-click on aawsepersonal.exe to install the program.
  • Follow the default settings for installation.
  • After the program has finished installing, uncheck the "Perform a full system scan now", "Update definition file now", and "Open the help file now" boxes.
• Update Ad-Aware SE Personal
  • Double-click the Ad-Aware SE Personal icon on your Desktop.
  • Click "Check for updates now" then click "Connect".
  • It will check for any updates. If any are found click "OK" to download and install the updates. Once it has finished click "Finish".
• Configure Ad-Aware SE Personal
  • Click on the Gear button at the top of the window.
  • Click "General" on the left hand side to display the General Settings box.
    • Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark:
      • "Automatically …

As for MSN Plus, I need that MSN sucks without it. Can't I keep it?

Well, it really all depends on whether ya got it along with MSN.

Oftentimes, MessengerPlus3 is a valid sign of bad viruses etc, mostly becase it's often connected to the virus.

However, if ya kno ya got it with MSN, it's alrite to keep.

Thanks.

Awsome.

Begin by uninstalling the following programs via Add/Remove Programs:

MessengerPlus3
Viewpoint Manager

Now, open HJT and place checks next to the following:

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

Now, delete the following folders:

C:\Program Files\Viewpoint
C:\Program Files\MessengerPlus! 3

Now, restart the computer and post a new log back here.

Lastly, are ya still having problems?

Thanks.

Ok, I see several things.

First, let's fix the LSP.

Download LSP-Fix and run it, fixing what it tells you to.

Next, continue by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files". 9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\Local Settings\History
C:\Documents and Settings\<Every …

Good good, last thing, could we see a HJT log?

Thanks.

Ok, that's very good that CCleaner ran.

it had already expired so now I'd have to buy it.

Er..not exactly. THe only 2 things that expire are Auto updates and a background guard...neither of which is necessary to run.

Just be sure to manually update before a scan.

Ok, I can't find it on my computer at first glance. Did the cleaner remove it?

*looking back up at the log*

Arg ya, I was stupid :mad: I forgot to have ya move it into a permenant folder.

SO, let's dl it again:

http://downloads.malwareremoval.com/hijackthis.zip

Before running, create a new folder inside Program Files, named 'HJT'. Now, move the HJT icon into this newly created folder, and run a new scan from there.

Post the log back here.

Thanks.

Nope, I have a strong feeling that, since its a *.tmp file, its spyware.

SO, after disabeling it, run CCleaner and Ewido again.

Thanks.

O ya, last thing. Ya might wanna consider switching over to FireFox browser. It's very similar to IE, except, its safer and more secure (and therefore have less spyware and such)

This is because FF is less-integrated into the system.

The link for this is in my sig.

Thanks.

i click on a page on the status bar at the bottom of my screen i can see it go 2 a ad.doubleclick adress and an adjuggler address

Oftentimes, this depends on the sites ya go to.

also the proxy overide thing is stil present in my hijackthis log

Although I fix this sometimes, it's not really necessary--it's about inter-router fixings and such.

Ya can fix it if ya want.

now that i'm clean should i install service pack 2

Roger that :)

Also, be sure to rehide system files:

We need to re hide system files. To do so, please follow the steps below:

1. Double-click My Computer.
2. Click the Tools menu, and then click Folder Options.
3. Click the View tab.
4. Put a check by "Hide file extensions for known file types."
5. Under the "Hidden files" folder, select "Show hidden files and folders."
6. Check "Hide protected operating system files."
7. Click Apply, and then click OK.

Lastly, could ya mark the thread as solved?

Thanks again :)

Awsome. If ya could mark the thread as solved, it'd be great.

Thanks again :)

Sure thing, that's a clean log.

About the 2 AVs, here's a good website about it. I'd recommend reading it.

Lastly, are ya having any problems?

Thanks.

Ok, so I go into processes & highlight the one you listed below & press "end process"?

Exactly. But, the ~ in the name means that the computer doesn't know exactly what letter, per say, it is.

SO, with luck, it'll appear in the Processes as
~e5d141.tmp . However, it's more likely that the ~ is some other letter or number.

Examples of possiblities:

te5d141.tmp
le5d141.tmp

And such like that.

Thanks.

First off, I forgot to look at this, but I see a problem right off: You're running 2 antiviruses. When this is done, it can cause some major problems.

Currently, you're running both AVG and Norton Antivirus, and ya NEED to uninstall either one. Pesonally, I'd uninstall Norton (I have used both, and consider AVG MUCH better), but thats personal opinion.

Next, you're not up-to-date in your Windows Updates. However, do not run them now. BUT, be sure to run it after you're clean. (I'll try to remind ya after youre clean).

Now, we're gonna run CCleaner. Instructions for this are below:

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files". 9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your …

That's a clean log.

Are ya still having problems?

Thanks.

Alrite, that log looks clean.

Are ya still having probems?

Thanks.

Hmm, alrite. We'll leave that folder alone for a minute. Open HJT and fix the following:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKCU\..\Run: [Lnttgc] C:\WINDOWS\system32\F?nts\?ti2evxx.exe
O4 - HKCU\..\Run: [Aceu] "C:\WINDOWS\System32\YMANTE~1\nslookup.exe" -vt ndrv
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com

After this, restart the computer and post a new log back here.

If some of those entries come back, we'll have to try another scanner.

Thanks.

Hmm...that IS odd.

Adh, try looking inside the System32 folder for other folders that could be similar (where the ? is any letter)

Possibilities are:

Fants
Funts etc...

Report back on what ya find.

Thanks.

Arg, stuipid me. I KNOW THE problem :mad: . Disable SpyBot Teatimer, and then try SmitFraudFix once again.

But other then that....Heh GOOD JOB. I don't see that specific infection in there. However, a few more need fixing:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - (no file)
O20 - Winlogon Notify: winaqr32 - winaqr32.dll (file missing)

Ok, fix these, restart the computer, and post back here with a new HJT log, and the SmitFraudFix log.

Thanks....and sorry for me being so stupid

Hmm, lets try doing this (the log looks great by the way).

Uninstall the program that keeps holding up Adaware. Fully uninstall it.

Then, try running adaware, and see what happens.

Post back with results.

Lastly, PLEASE be patient...we all work here on free time FOR free...

Thanks.

Looks good to me.

Any more problems?

Thanks.

Awsome.

If ya could do one more thing it'd be great. Could ya mark the thread as solved?

Thanks again :)

Normal please.

Awsome, ya found it :)

Alrite, we need to have a HijackThis log to diagnose the problem.

Download HijackThis (current verison is v1.99.1)

or here (Alternate 1, a self-extracting zip file)
or here (Alternate 2, an *.exe file)

Make a new folder to put your HijackThis.exe into.

(Anywhere on your hard drive is fine other than your Desktop or the Temp folder. Suitable examples are:

• C:\HijackThis\
• C:\Programs\hijackthis\
• C:\Windows\My Documents\HJT\

but feel free to use any name.)

Extract and save the HijackThis download to the new folder you made. Then navigate to it and run HijackThis from there. (This is to ensure it makes the necessary backups for recovery if fixes are made) Then, doubleclick HijackThis.exe, and click Scan.

When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that and copy & paste its contents in your reply. Most of what it lists will be harmless or even essential, don't try to fix anything yourself.

Thanks.

Hmm, well ya definitely have a SpyAxe infection. And, what I'm thinking is that mabe ya ran SmitFraudFix wrong.

SO, what we're gonna do is sorta rerun it, except with a twist.

Follow the directions below:

Alrite, you're infected with a SpyAxe variant.

Let's begin by downloading
SmitfraudFix. Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.
______________________________

You will need to update Ewido to the latest definition files.

• On the left-hand side of the main screen click the Update Button.
• Click on Start.

The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido.

If you are having problems with the updater, you can use this link to manually update Ewido. Make sure to close Ewido before installing the update.

Next, download CCleaner, specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the …