kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Those really aren't the most threatening of malware and I think we can get most of them with a good scan, so try the following.


Please download and install ewido anti-spyware tool

  • Close all other Applications Select language click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
  • This is very important to get updates
  • When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear use arrow up to highlight
  • Select the first option, to run Windows in Safe Mode hit enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

  • Open Ewido
  • Click on scanner top of Ewido screen
  • Click on Settings
  • Under How to Act click on
kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

There is also a fix in the stickies so you should look at that.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Quite a lot of nasties there.

First let's run the following program to get rid of most of the nasties.


Please download and install ewido anti-spyware tool

  • Close all other Applications Select language click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
  • This is very important to get updates
  • When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear use arrow up to highlight
  • Select the first option, to run Windows in Safe Mode hit enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

  • Open Ewido
  • Click on scanner top of Ewido screen
  • Click on Settings
  • Under How to Act click on Recommended Action choose Quarantine
  • Under …
kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Good job everyone.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Yeah, I know why you couldn't get rid of that 02 entry, so do the following.

Open Task Manager (alt+ctrl+delete) and go to the processes tab. End teatimer.exe and then do the 02 fix using HJT. That should get rid of it. To get teatimer.exe back on just go to the program files folder and click on it or just reboot.

If that fixes everything up you can mark this thread as solved using the link at the top of the page.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Yeah
Yeah, good idea, we might be dealing with a Vundo infection here.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Good fix, let's see if we can get this in the stickies. :)

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Yes, that is a toolbar that changes its name to avoid deletion. If you see anything resembling that, delete it. If you can't delete it in safe mode then post that back here and then I'll give you further instructions.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Xxpenetrator is right. lsass.dll (not to be confused with lsass.exe) is the adware Purityscan. And the other is a nasty toolbar.

Let's start by doing the following. Run HJT and place a checkmark next to the following.
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nso78.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\lsass.dll
Click fix checked.

Now reboot to safe mode by tapping F8 during startup and selecting safe mode.

Using My Computer, find and delete the following files.
C:\Windows\System32\lsass.dll
C:\WINDOWS\system32\nso78.dll

Reboot back to normal mode.
Post a new HJT log here.
Still having pop-ups?

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

No Problem. You can mark this thread as solved if you haven't already.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Just mark it as solved if nothing's wrong (there should be a link at the top of the page).

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Like I thought, you are infected with Vundo. Please do the following.

Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Post that log along with a new HJT log.
Still having problems?

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Ok, a couple of things. First run the following scanner. Also, could you give me a detailed description of what happens?


Please download and install ewido anti-spyware tool

  • Close all other Applications Select language click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
  • This is very important to get updates
  • When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear use arrow up to highlight
  • Select the first option, to run Windows in Safe Mode hit enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

  • Open Ewido
  • Click on scanner top of Ewido screen
  • Click on Settings
  • Under How to Act click on Recommended Action choose Quarantine
  • Under …
kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

If I took out the contin variable statements the program runs fine. It pops up in a new window and asks you to input o for oval or r for rectangle and then creates a shape based on the character typed in. The only problem I'm having is that it isn't recognizing c.setColor and I don't know how to get the contin things to work. I'm a newb at this so don't be too harsh. I've only been in Comp Programming for about 2 weeks at High School Freshman year.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Actually, reinstalling really doesn't work either. I had the same problem with my Norton. I uninstalled Norton and got AVG. I would recommend doing the same. You don't have to get AVG, you could get AVAST or McAfee, just don't keep Norton. I keep my computer clean with only three programs: Ad-aware, AVG and Ewido.
Glad I could help.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

I made a program that is supposed to ask for a shape and then make a green shape and then ask you if you wanted to make another shape. That didn't work so I changed it to ask if you wanted to make another shape after this one and put the println before the prompt. That didn't work either. Could anyone tell me what's wrong with the following code?

// The "Shape_Generator" class.
import java.awt.*;
import hsa.Console;

public class Shape_Generator
{
    static Console c;

    public static void main (String[] args)
    {
        c = new Console ();

        int on_off = 1;
        int contin = 1;
        char shape;
        char answr;


        {
            while (contin == 1)
            {
                while (on_off == 1)
                {
                    c.println ("Type in \"r\" for rectangle or \"o\" for oval.");
                    shape = c.readChar ();
                    c.println ("Do you want to make another shape after this one? y or n");
                    answr = c.readChar ();


                    if (shape == 'r')
                    {
                        c.fillRect (100, 100, 100, 100);
                        c.setColor (Color.green);
                        on_off = 0;
                    }

                    if (shape == 'o')
                    {
                        c.fillOval (100, 100, 100, 100);
                        c.setColor (Color.green);
                        on_off = 0;
                    }

                    if (answr == 'y')
                    {
                        on_off = 1;
                    }

                    if (answr == 'n')
                    {
                        contin = 0;
                    }




                }
            }
        }
    }
}
kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

First of all you could do a system restore if you have a restore point from before the infection.

The above post probably won't do anything but take up space on your computer. Your suspicions were right, you are infected with the WORM_SPYBOT.GP.

Let's see what we can do. First go to Control Panel and Add\Remove Programs and remove the following.
MyWay, My Websearch Bar, or something similar.

Now run HJT and check the following.
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\system32\ntsystem.exe
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
Click fix checked and then close HJT.

Now Please download and install ewido anti-spyware tool

  • Close all other Applications Select language click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
  • This is very important to get updates
  • When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows …
kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

I vaguely remember a situation like this that was caused by malware, but because the log is clean it doesn't look like that's the case. But let's test one more thing: change the name of hijackthis.exe to something like scanner.exe and run the scan again. Post that log here. Sometimes malware blocks itself from hijackthis.exe.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Your log looks clean. Could you explain in detail the problems you're having? Also I would like you to run the following scanner.


Please download and install ewido anti-spyware tool

  • Close all other Applications Select language click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
  • This is very important to get updates
  • When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear use arrow up to highlight
  • Select the first option, to run Windows in Safe Mode hit enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

  • Open Ewido
  • Click on scanner top of Ewido screen
  • Click on Settings
  • Under How to Act click on Recommended Action
kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Ok, let's get started. You have Free Download Manager downloaded on your computer so we will have to get rid of that. Open up Control Panel and then go to Add\Remove Programs and remove the following if present.

Free Download Manager, FDM, or something similar.

Now run HJT and put a checkmark next to the following if present.
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
Click Fix Checked.

Now, using My Computer, delete the following files and folders if present.
C:\Program Files\Free Download Manager\
C:\WINNT\web\related.htm

Also I would recommend going to www.microsoft.com and downloading Service Pack 2 (SP2).

Are you still having problems after doing the above steps?

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

I'm reposting your HJT log in this post so that it is easier for me to look at.


Logfile of HijackThis v1.99.1
Scan saved at 2:51:42 AM, on 9/15/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\Mixer.exe
C:\WINNT\system32\pctspk.exe
C:\WINNT\system32\PV92Tray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Administrator.CHAOS\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - …

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

You are infected with Viewpoint Manager and a few other things. Unfortunately I'm at school right now, but I will solve this problem tonight. In the meanwhile do the following.

Please download and install ewido anti-spyware tool

  • Close all other Applications Select language click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
  • This is very important to get updates
  • When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear use arrow up to highlight
  • Select the first option, to run Windows in Safe Mode hit enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

  • Open Ewido
  • Click on scanner top of Ewido screen
  • Click on Settings
  • Under How to …
kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

You have a few things on your computer so let's get that fixed up.
Run HJT and put a check mark next to the following.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\blank.htm
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O21 - SSODL: SysTray.Exconga - {7722ECFF-4E56-4E5b-B53C-E65294F575E0} - (no file)
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)
O21 - SSODL: DCOM Server 2238 - {2C1CD3D7-86AC-4068-93BC-A02304BB2238} - C:\DOCUME~1\ldui\LOCALS~1\Temp\8856\explorer.exe
Click fix checked and close the program.

Now begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox …

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

No it's not wireless.

Thanks I'll look into that, but if that doesn't work I'll just have to get a new mouse.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Ok, let's try a couple of things. Run HJT and put a checkmark next to the following.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1; <local>
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
Click fix checked.

Please download and install ewido anti-spyware tool

  • Close all other Applications Select language click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
  • This is very important to get updates
  • When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear use arrow up to highlight
  • Select the first option, to run Windows in Safe Mode hit enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

  • Open Ewido
  • Click on scanner top of Ewido screen
kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

My mouse wheel stopped working in the sense that if you roll it up and down it won't do anything, but if you click it in so the circle with the arrows appears it works like that. Also sometimes the mouse wheel will randomly work for a while and then stop, but only for a matter of seconds. Any idea what's wrong?

PS: It's a Logitech laser mouse

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Ok, let's try a scanner that I think is superior to most others.

Please download and install ewido anti-spyware tool

  • Close all other Applications Select language click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
  • This is very important to get updates
  • When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear use arrow up to highlight
  • Select the first option, to run Windows in Safe Mode hit enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

  • Open Ewido
  • Click on scanner top of Ewido screen
  • Click on Settings
  • Under How to Act click on Recommended Action choose Quarantine
  • Under How to scan all boxes should be selected
  • Under …
kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

IE isn't that good. Firefox is better so I would recommend using that, but your computer is still infected so do the following fixes.

Go to Control Panel\Add Remove Programs and remove the following.
FreezeScreen or something similar
New.net or something similar


Now run HJT and put a checkmark next to the following.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE(optional for more speed)
O9 - Extra button: Casino-on-Net - {3015DB92-158E-4b77-9020-85C8E311FBB5} - C:\PROGRA~1\CASINO~1\Casino.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mmed.cab
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
O23 - Service: …

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Thanks, this will help me a lot.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Sorry to jump in here, but if you need a program like Kazaa I recommend Limewire. Unfortunately this also downloads adware, but I found a loophole in their plot. If you delete the folder C:\Documents and Setting\"Whatever the Admin is here\Complete\ then no adware will be downloaded. But you are still at risk from anything you download manually. Only download things that at least 10 other people have downloaded.

That's only if you need it. (By need I mean want it bad enough that your life would be miserable if you didn't have it.) If you don't need it then ignore the above statement completely.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

I'm taking a class on Java at my high school, but my teacher goes very slow and I need a quicker pace. Could anybody be so kind as to give me a list of simple classes and commands so that I could work with them?

Also does anybody know a good program to use to create Java programs?

We're using the Ready to Program program in class but unfortunately it costs money.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Try using the recovery disk to repair windows. Here are instructions on how to do that.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Hmm, I'm not one of the system file repair people so let me get one of those on this thread.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Did anything clear up after the ewido scan?

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Nothing in the HJT log is telling me anything. I recommend updating the sound driver and then uninstalling the program that started all of this. Also I want you to run ewido.

Please download and install ewido anti-spyware tool

  • Close all other Applications Select language click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
  • This is very important to get updates
  • When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear use arrow up to highlight
  • Select the first option, to run Windows in Safe Mode hit enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

  • Open Ewido
  • Click on scanner top of Ewido screen
  • Click on Settings
  • Under …
kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Download HiJackThis from here.

Make a new folder called HJT in the C: directory (C:\HJT). Extract the zip contents to that folder. Run HJT and select the scan option. After it finishes scanning there should be a save log button. Once clicked it should open up a Notepad file with the log. Copy and paste the contents of the Notepad file in your next reply.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Not too sure which specific router settings can fix that, but I'm sure that DMR knows something about those settings.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Well, I don't know if you're willing to buy a new router, but if you are then buy one. It will fix up the settings, and this time you might want to get one in English.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Are the actual router settings in German or just the manual? Because I don't think anyone knows German.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

It's laser and it's not one you can take apart, it's permanently shut.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Yeah, I kind of figured it was, but I thought I would check here first. Now I have to get a new mouse.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

My mouse wheel stopped working randomly. Not malware related, I checked myself and have scanned with everything so I know it's not that.
Everything with the mouse settings is fine.

Any idea what happened?

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Well, try that, but I'm pretty sure, almost certain, that it's something to do with the router configurations he has.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Even though you have the same problem, unlike other sites we don't allow piggybacking off other people's posts, because nobody really has the EXACT same problem as someone else and it can get confusing. So make a new thread with the same post as above and someone will get on it. Also include a HJT log.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Well, I've found a suspicious file that I want you to scan. The file is smss.exe. Usually this file is a normal system file, but it is usually located in the system32 folder; yours however is running from the system folder. This usually means it's not the real thing, so let's scan it.

Go to Jotti's and upload and scan the following file.
C:\WINDOWS\system\smss.exe


If the scan finds something malicious then do the following.
Run HJT and check the following.
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
Close all other windows and click fix checked.

Now reboot to safe mode and delete the following file.
C:\WINDOWS\system\smss.exe

Reboot back to normal and post a new HJT log.

If the scan comes back clean let me know.
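
The check described in the post above (a core process name such as smss.exe running from somewhere other than system32), together with the lsass.dll versus lsass.exe lookalike from an earlier post on this page, can be automated over a HijackThis log. This is an added example, not part of the original posts: the function names, the short process list and the sample log (assembled from lines quoted on this page) are assumptions of the example, and a hit is only a reason to scan the file, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Core Windows processes that normally run only from <SystemRoot>\system32.
# Assumption of this example: a short fixed list, to be extended as needed.
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe"}
SYSTEM_STEMS = {name.rsplit(".", 1)[0] for name in SYSTEM32_ONLY}
WINDOWS_ROOTS = {"windows", "winnt"}

# A drive-letter path ending in a binary-style extension; arguments such as
# "/w" or "-quiet" after the file name are left out of the match.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\r\n\"<>|*?]*?\.(?:exe|dll|ocx|sys)\b",
                     re.IGNORECASE)


def classify(path_str):
    """Return a reason string if the path looks like a system-file imposter."""
    path = PureWindowsPath(path_str)
    name = path.name.lower()
    in_system32 = (path.parent.name.lower() == "system32"
                   and path.parent.parent.name.lower() in WINDOWS_ROOTS)
    # Genuine name, wrong folder (the C:\WINDOWS\system\smss.exe case).
    if name in SYSTEM32_ONLY and not in_system32:
        return "wrong-directory"
    # Genuine stem, different extension (the lsass.dll case).
    if name not in SYSTEM32_ONLY and path.stem.lower() in SYSTEM_STEMS:
        return "lookalike-extension"
    return None


def scan_log(text):
    """Return (line_number, path, reason) for every flagged path in the log."""
    findings = []
    seen = set()
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in PATH_RE.finditer(line):
            path = match.group(0)
            reason = classify(path)
            if reason and (path.lower(), reason) not in seen:
                seen.add((path.lower(), reason))
                findings.append((line_no, path, reason))
    return findings


# Constructed sample: individual lines are taken from HJT entries quoted on
# this page, combined into one log for the demonstration.
SAMPLE_LOG = r"""Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\Explorer.EXE
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O20 - AppInit_DLLs: C:\WINDOWS\system32\lsass.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

if __name__ == "__main__":
    for line_no, path, reason in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {path} ({reason})")
```
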

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

No Problem.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Yeah it looks like it.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Well, I was assuming you set it to block everything from those sites. All that those lines say is that anything those sites send you is rejected from your computer. If you don't want one of those blocked then use HJT to remove it.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

You have some loose ends in your HJT but nothing malicious.
Run HJT and check the following.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
Close all other windows and click fix checked.

Go to Jotti's and upload and scan the following file.
odqgc.dll

Post a new HJT log along with the results from Jotti's.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

About:Blank seems to have infected your computer now.
Run HJT and check the following.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
Close all other windows and click fix checked.

Now download, extract, and run AboutBuster, which you can download from here.

That should clean everything up.