'Stein 150 Lapsed Skeptic Team Colleague

Yes, please delete the folder Oracle. Other than that, I only see 1 thing with the log:

O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)

Other than this, I see nothing else.

Are ya still having problems? If so, there's a couple more things we can try.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Ya, alrite, it IS spyware.

Go ahead and check one more:

O4 - HKCU\..\Run: [Aukwquj] C:\Program Files\Common Files\?racle\ntvdm.exe

After this, reboot into safe mode and first unhide folders. Do this by opening My Computer > Tools > Folder Options > View > Show Hidden Folders (also uncheck 'Hide protecting operating system folders')

After doing this in safe mode, delete this folder:

C:\Program Files\Common Files\?racle

After this, reboot into normal mode and post a new log...and another Ewido log is unnecessary, just as long as you've run it.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Damn, sorry bout that. Couple more to fix, along with what I mentioned above:

O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O20 - Winlogon Notify: ddcca - ddcca.dll (file missing)
O20 - Winlogon Notify: ddcyw - ddcyw.dll (file missing)

'Stein 150 Lapsed Skeptic Team Colleague

Welcome to Daniweb. Alrite, I see several things wrong with the log. Begin by checking the following:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKCU\..\Run: [Notn] "C:\PROGRA~1\COMMON~1\ASKS~1\alg.exe" -vt mt
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/Yazz....cab?refid=1123
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JA...loadManager.ocx

After doing this, download Ewido and CCleaner (links for both can be found in my signature below). Update definitions for both, and then run scans with both. Save the log from Ewido.

After this, restart your computer and post a new HJT log, along with the saved Ewido log.

After that we'll work from there.

Thanks.

NOTE TO MODS: CastleCops said this was Windows, but what it showed was a little diff. Eh?

O4 - HKCU\..\Run: [Aukwquj] C:\Program Files\Common Files\?racle\ntvdm.exe

I didn't touch it, but I'm suspicious of it.
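Added example, not part of the original post or of HijackThis itself: a small Python triage pass over HijackThis log lines that flags the two patterns called out above, entries reported as `(no file)` / `(file missing)` and drive paths containing `?`, which is not a legal Windows file-name character and so stands for a character the log could not render. The function names, labels and the O16 sample line are constructed for illustration; the other sample lines are copied from the post.

```python
import re

# Section codes seen in the post above, with their usual HijackThis meaning.
SECTIONS = {
    "R1": "IE settings", "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart entry", "O16": "ActiveX download", "O20": "Winlogon Notify",
}
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # "<code> - <entry>"
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*')          # drive-letter path, up to a closing quote

def triage(line):
    """Return (code, reasons); reasons is empty when nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None, []
    code, body = m.groups()
    reasons = []
    # The registry entry survives but its target file is gone.
    if "(no file)" in body or "(file missing)" in body:
        reasons.append("orphaned")
    # '?' cannot occur in a real Windows file name, so in a drive path it marks
    # a character the log could not display. URLs are not matched by PATH_RE.
    path = PATH_RE.search(body)
    if path and "?" in path.group(0):
        reasons.append("unrenderable-char-in-path")
    return code, reasons

def report(lines):
    """Keep only the lines that triage() flagged, with a readable section name."""
    out = []
    for line in lines:
        code, reasons = triage(line)
        if reasons:
            out.append((code, SECTIONS.get(code, "other"), reasons))
    return out

SAMPLE = [
    r"O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)",
    r"O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL",
    r'O4 - HKCU\..\Run: [Notn] "C:\PROGRA~1\COMMON~1\ASKS~1\alg.exe" -vt mt',
    r"O4 - HKCU\..\Run: [Aukwquj] C:\Program Files\Common Files\?racle\ntvdm.exe",
    # Constructed line: a '?' inside a URL query string must not be flagged.
    r"O16 - DPF: {00000000-0000-0000-0000-000000000000} (Example Control) - http://example.invalid/x.cab?refid=1",
]

if __name__ == "__main__":
    for code, section, reasons in report(SAMPLE):
        print(code, section, ", ".join(reasons))
```

A line that is not flagged is not thereby clean; the pass only surfaces entries that need a closer look before anything is checked for fixing.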

'Stein 150 Lapsed Skeptic Team Colleague

You might also want to check your router. Most routers can be set to kill the internet and all at certain times.

'Stein 150 Lapsed Skeptic Team Colleague

Haha awesome.
Time for some recommendations:
First off (if ya haven't already), switch and use Firefox instead of IE. It's significantly safer.

Next, download Ewido as a spyware cleaner. It's what I've used for a while with much success.

Also, download Microsoft Defender (formerly known as Microsoft Anti-Spyware). Although it isn't as good at catching spyware, it's a good 'active' catcher.

Antivirus: Personally, I use Norton Antivirus. However, the supposed current best is Nod32. However, these both cost money. For free (and these aren't that bad), I would download AVG. (NOTE: Be sure to only run 1 antivirus)

Firewall: Personally, I have a hardware router built into my router, with Norton Internet Security as a software firewall. However, again, this costs money. For free, the best (at least I feel it is) is ZoneAlarm.

Lastly, I would download CCleaner. This utility is helpful in keeping the computer in an overall good state.

Links for all of these:

Firefox – http://www.mozilla.org/products/firefox/
AVG – http://free.grisoft.com/doc/2/lng/us/tpl/v5
Nod32 – http://www.nod32.com/home/home.htm
Ewido - http://www.ewido.net/en/
Zone Alarm – http://www.zonelabs.com/store/conte...lid=selector_za
CCleaner - http://www.ccleaner.com/

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm a couple more:

O2 - BHO: Farstone Url Blocker - {316AEF8D-3C37-423E-9E6E-13820A9DC37A} - C:\PROGRA~1\PCSECU~1\THESHI~1\IrlOnIE.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

That's all I really see mostly. Are ya still having symptoms?

If yes, post another log after the changes.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Heh my bad tayspern, take it from here (after my instructions).

'Stein 150 Lapsed Skeptic Team Colleague

Hi, welcome to DaniWeb.

Alrite, first off, download the LSP-Fix (http://www.cexx.org/lspfix.htm), save it to the desktop, but DO NOT RUN IT YET. Next, print these off or copy them to a word document, as you'll have to run this in Safe Mode (constantly press F8 while starting up). Run the program, which is sorta easy to use.

Second, I see several things wrong with the HJT log. Rerun a new scan and check the following:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F3 - REG:win.ini: run=
O2 - BHO: (no name) - {0DEADE31-9A37-48B2-921A-7825EA93D32A} - (no file)
O2 - BHO: Farstone Url Blocker - {316AEF8D-3C37-423E-9E6E-13820A9DC37A} -C:\PROGRA~1\PCSECU~1\THESHI~1\IrlOnIE.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINNT\system32\wintask.exe
O4 - HKLM\..\Run: [Tagasuarus7.exe] C:\WINNT\system32\Tagasuarus7.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINNT\SYSC00.exe
O4 - HKLM\..\Run: [slupiwwA] C:\WINNT\slupiwwA.exe
O4 - HKLM\..\Run: [sys011134565166-] C:\WINNT\sys011134565166-.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Broken Internet access because of LSP provider 'farlsp.dll' missing
O18 - Filter: text/html - {BA576CDE-9949-4473-A8F7-6C17C2A7E600} - (no file)
O23 …

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, by any chance, thegu3st, were ya running a web browser when ya tried to fix it?

'Stein 150 Lapsed Skeptic Team Colleague

Well, first off, ya should correct these on your HJT:

O1 - Hosts: 66.218.75.184 mail.yahoo.com
O2 - BHO: Creata Mail - {9FEA5BDA-695A-417B-AA31-B54A06570053} - (no file)
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe

That might clear something up.
Hmmm if none of that cleaning helps... I'm more of a spyware guy, it probably wouldn't hurt to maybe reset your router if ya use one, and do the same if ya have a modem (if ya got one). Sometimes the hardware inside the modem/router autoblocks certain sites.

After you're done with that, post a new log please.
thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Alrite, several things with the HJT log. Please place checks nxt to these entries:

O9 - Extra button: 32Red Poker - {437F7F6F-FFCC-47e1-8A4B-C992493CF6C3} - C:\Program Files\32RedMPP\MPPoker.exe
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk

Hmm, that LOOKS like it, but maybe not... After running HJT and checking these, click fix. Then, run a new scan and post a log.

Does that solve anything?

'Stein 150 Lapsed Skeptic Team Colleague

Heh my bad.. :o . Last thing then, could ya mark the thread as 'solved' (there should be a button near the top).
Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hey, sry for the delay, BUT, run HJT and place checks next to these:

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

Hmm, so try that, tell me if it's still having problems, and post another log.
thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Alrite, several things. First, is it one of those things, where ya put in your username/pass, hit enter, and it basically reloads the page?

First off, I'd try doing this and following the directions here:
http://www.daniweb.com/techtalkforums/thread27570.html

Then, I'd try converting and switching to use Firefox instead of IE. Overall, it has better safety and fixed the problem mentioned above (first paragraph) for me.

'Stein 150 Lapsed Skeptic Team Colleague

Alrite, I kinda read ure HJT log (I really don't kno if ya should do it or not, seeing that I'm new at reading HJT logs...)
But, I THINK I've found some bad stuff:

O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\gpn0l35m1.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Y2hpaC1waW4gSHN1\command.exe (file missing)

Now, I don't even trust myself too much, so I dunno if ya wanna fix um or not.... I'd wait until someone better looks at it.

In addition, I cross checked ure HJT log on an online analyzer, and it found the same things I did, just to let ya kno.

'Stein 150 Lapsed Skeptic Team Colleague

According to some other forums, this might work, but for all I kno it's more spyware.... so maybe ya should wait until somebody smarter posts, but ya, ya might wanna try this if ure desperate

http://www.bestoffersnetworks.com/uninstall/