Posts by kylethedarkn

Try using the recovery disk to repair windows. Here are instructions on how to do that.

Hmm I'm not one of the system file repair people so lemme get one of those on this thread.

Did anything clear up after the ewido scan?

Nothing in the HJT log is telling me anything I recommend updated the sound driver and then uninstaling the program that started all of this. Also I want you to run ewido.

Please download and install ewido anti-spyware tool

• Close all other Applications Select language click Ok
• Click I Agree
• Click next
• Click Install
• Click Finish
• Wait Ewido will open main screen automatically.
• Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
• This in very important to get updates
• When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

• Next, please reboot your computer in Safe Mode by doing the following:
• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
• Instead of Windows loading as normal, a menu should appear use arrow up to highlight
• Select the first option, to run Windows in Safe Mode hit enter.
• For additional help in booting into Safe Mode, see the following site: HERE

  You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

• Open Ewido
• Click on scanner top of Ewido sceen
• Click on Settings
• Under …

Download HiJackThis from here.

Make a new folder called HJT in the C: directory(C:\HJT) Extract the zip contents to that folder. Run HJT and select the scan option. After it finishes scanning there should be a save log button. Once clicked it should open up a notepad file with the log. Copy and Paste the contents of the note pad file in your next reply.

Not too sure which specific router settings can fix that but I'm sure that DMR knows something about those settings.

Well I Don't know if your willing to buy a new router but if you are then buy one it will fix up the settings and this time you might want to get one in english.

Are the actual router settings in german or just the manuel because I don't think anyone knows german.

Well try that but i'm pretty sure almost certain that its something to do with the router configurations he has.

Even though you have the same problem unlike other sites we don't allow piggybacking off other peoples posts, because nobody really has the EXACT same problem as someone else and it can get confusing. So make a new thread with the same post as above and someone will get on it also include a HJT log.

Your Internet Browsing has been hi-jacked by newdotnet. To fix this run HJT and check the following.
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O10 - Hijacked Internet access by New.Net
Close all other windows and click fix checked.

Now open control panel and go to add/remove programs and look for the following and remove them.
NewDotNet, or New.Net, or something very similar.

Reboot to safe mode by tapping F8 during start up and selecting safe mode.

Using My Computer delete the following files and folders if they exist.
C:\PROGRAM FILES\NEWDOT~1\
~1 could be anything but is probably NET

Reboot back to normal mode and run HJT again save the new log and post it back here.
Still having problems?

Sorry I couldn't find your problem, but luckily you foun the zonealarm thing.

Actually I'm running out of ideas. I can't seem to find a reason that you cant access certain sites from one router but you can from another. The only reason I can think of is that the Modem/router is set to block those sites or something like that.

I'll talk to some of our mods and see if they have any ideas.

Could you post an up to date HJT log please.

Run HJT and check the following.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.manutd.com/home/default.sps
Close all other windows and click fix checked.

You should be able to change you homepage after this

Run HJT again and check the following.
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Close all other windows and click fix checked.

Are the buttons still greyed out.

Well lets find out if IE is in some way not compatable with the Modem/Router at your house.

Download the Mozilla Firefox Internet Browser From here.

Overall it is a better browser with tabs and more security than IE.

Try acessing the site on Firefox and see if they load up.

That log is clean.
Can you change your homepage. If you can't change it tell me what happens when you try and change it. If you can change you homepage then mark this thread as solved.(Link at top of page)

Could you plz post a new log from normal mode. This one from safe mode doesn't help because the Malware wouldn't be running.

Run HJT and check the 017 entrie. Close all other windows and click fix checked.

Ok could you get me a HJT log from the computer the Router and modem are connected to. This might give us a clue as to why you cant access these website at home.

2 things do you live in the asias pacific region.

And Please download and install ewido anti-spyware tool

• Close all other Applications Select language click Ok
• Click I Agree
• Click next
• Click Install
• Click Finish
• Wait Ewido will open main screen automatically.
• Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
• This in very important to get updates
• When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

• Next, please reboot your computer in Safe Mode by doing the following:
• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
• Instead of Windows loading as normal, a menu should appear use arrow up to highlight
• Select the first option, to run Windows in Safe Mode hit enter.
• For additional help in booting into Safe Mode, see the following site: HERE

  You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

• Open Ewido
• Click on scanner top of Ewido sceen
• Click on Settings
• Under How to Act click on Recommended Action choose Quarantine
• Under How to scan all boxes should be selected
• Under Possibly unwanted …

Do you have any kind of security on the one at home that might be interfering?

Also Run HJT and go to config>misc tools>host manager and copy and paste the contents to here.

Move HJT this to its own folder in my documents.
Run HJT and check the following.
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
The following is optional but is a resource hog and is not need to load at startup.
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
Close all other windows and click fix checked.

Your current homepage is Manchester United. Is that the one you chose?

Also do you know what this is.
Asia Pacific Network Information Centre

Norton is usally the cause of this and is not recommended.(It Sucks)
Macafee is a better program or even AVG.(There are links in the sticky)
But lets try one more thing.

Please download and install ewido anti-spyware tool

• Close all other Applications Select language click Ok
• Click I Agree
• Click next
• Click Install
• Click Finish
• Wait Ewido will open main screen automatically.
• Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
• This in very important to get updates
• When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

• Next, please reboot your computer in Safe Mode by doing the following:
• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
• Instead of Windows loading as normal, a menu should appear use arrow up to highlight
• Select the first option, to run Windows in Safe Mode hit enter.
• For additional help in booting into Safe Mode, see the following site: HERE

  You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

• Open Ewido
• Click on scanner top of Ewido sceen
• Click on Settings
…

yeah norton is known to cause problems with the internet. personally i prefer macafee. you can mark this thread as solved(there is a link at the top of the page)

Ok First run HJT and check the following.
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O4 - HKLM\..\Run: [GNP Generic Host Process] C:\WINNT\system\svchost.exe
O4 - HKLM\..\Run: [SNP Generic Host Process] C:\WINDOWS\system\svchost.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZCxdm411YYDE
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab
Close all other windows and click fix checked.

Now go to Add/Remove Programs in Control Panel and remove the following.
MyWay, My Websearch, or anything similar.

Now Reboot to safe mode and delete the following files and folders if they exist.
C:\WINNT\system\svchost.exe
C:\Program Files\MyWebSearch

Reboot back to normal and run HJT again. Pos the new HJT log here and tell me if your still having problems.

Ok well run HJT and check the following.
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www.ibm.com/pc/support/acces...tent/AcpIR.cab
Close all other windows and click fix checked.

Reboot to safe mode and delete the following folders.
%windir%\Network Diagnostic\xpnetdiag.exe
(%windir% is C:\windows most likely)

Reboot back to normal and run HJT again. Post the new log here and tell me if you are expiriencing problems still.

Then you can mark this thread as solved.(there should be a link at the top of the page that says mark as solved.)

Yup everythings clean. And you aren't having any problems right?

Its a HOSTS file and you could leave it one your computer so just run ewido and post the log.

Yup and also do the following.

Please download and install ewido anti-spyware tool

• Close all other Applications Select language click Ok
• Click I Agree
• Click next
• Click Install
• Click Finish
• Wait Ewido will open main screen automatically.
• Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
• This in very important to get updates
• When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

• Next, please reboot your computer in Safe Mode by doing the following:
• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
• Instead of Windows loading as normal, a menu should appear use arrow up to highlight
• Select the first option, to run Windows in Safe Mode hit enter.
• For additional help in booting into Safe Mode, see the following site: HERE

  You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

• Open Ewido
• Click on scanner top of Ewido sceen
• Click on Settings
• Under How to Act click on Recommended Action choose Quarantine
• Under How to scan all boxes should be selected
• Under Possibly unwanted software all boxes should be …

no just rename it not re-download it.

Ok rename HiJackThis.exe to something different like scanner.exe then try again. Also post a new log from after you change the name.

Yes it is safe to delete. You dont have anything that worrys me in your log but do the following. Run HJT and check the following.
O1 - Hosts: localhost 127.0.0.1
Close all other windows and click fix checked.

Are you expiriencing any problems with your computer?

HJT is a tool used to scan your computer's current state. It tells us what programs your have running and helps us remove malicious items.

Download HiJackThis from here.

Make a new folder called HJT in the C: directory(C:\HJT) Extract the zip contents to that folder. Run HJT and select the scan option. After it finishes scanning there should be a save log button. Once clicked it should open up a notepad file with the log. Copy and Paste the contents of the note pad file in your next reply.

Yeah there nice once in a while. Casmax you can mark this thread as solved.

Ok go here and download the Purity Scan uninstaller and run it tell me it that works.

Well this was one of those thinking out of the box problems, now wasn't it.

The reason the HJT lines weren't there is because you were in safe mode. Reboot to normal check and fix the HJT lines then reboot to safe mode run ewido and see if it deletes the apra.dll and the other thing.

If that doesn't work download Pocket killbox from here.

Open Killbox and select the delete on reboot option and click on all files.
Then click on the open folder symbol and navagate to the following.
C:\WINDOWS\system32\winyme32.dll
C:\WINDOWS\system32\arpa.dll
When you click on them press ok and then go to the next file.
Make sure that both files are located in the drop down box.
Now click on the kill button.(the red circle with a white x)
The computer should restart itself if it doesn't restart it manually.

Post the new HJT and ewido logs.

Well download process explorer and see if there are any processes showing that are not in task manager and we will go from there.

Ok then lets do a couple things.
First download Ewido's Security Suite from here.

1. Install ewido anti-malware
2. When installing, under "Additional Options" uncheck..
   • Install background guard
   • Install scan via context menu
3. Launch ewido, there should be an icon on your desktop, double-click it.
4. The program will now open to the main screen.
5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
6. You will need to update ewido to the latest definition files.
   • On the left hand side of the main screen click update.
   • Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed.
   (the status bar at the bottom will display ("Update successful" )

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

• Open up Ewido
• Click on scanner
• Click on Complete System Scan and the scan will begin.
• You will be prompted to clean the first infection.
• Select "Perform action on all infections", then proceed.
• Once the scan has completed, there will be a button located on the bottom of the screen named Save report
• Click Save report.
• Save the report .txt file to your desktop or a location where you can find it easily.
• Close ewido anti-malware.

…

Ok download pocket killbox from here.
Run killbox and check the box that says delete files on reboot.
Then select the all files button.
Go to the folder icon and navagate to the apra.dll and TTrib~1.exe click ok. When you go to the drop down box you should see them there.
Close all other windows and click on the kill button.(red circle with white x) Killbox should reboot your computer. After its done post a new HJT log.

Move HJT to C:\HJT and try again.

Try an ewido scan. You can download it from here.

1. Install ewido anti-malware
2. When installing, under "Additional Options" uncheck..
   • Install background guard
   • Install scan via context menu
3. Launch ewido, there should be an icon on your desktop, double-click it.
4. The program will now open to the main screen.
5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
6. You will need to update ewido to the latest definition files.
   • On the left hand side of the main screen click update.
   • Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed.
   (the status bar at the bottom will display ("Update successful" )

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

• Open up Ewido
• Click on scanner
• Click on Complete System Scan and the scan will begin.
• You will be prompted to clean the first infection.
• Select "Perform action on all infections", then proceed.
• Once the scan has completed, there will be a button located on the bottom of the screen named Save report
• Click Save report.
• Save the report .txt file to your desktop or a location where you can find it easily.
• Close ewido anti-malware.

Reboot.

After reboot run …

The Symantec Process is critical to the running of Norton Internet Security, but since Norton is one of the worst AV programs i suggest uninstalling it and downloading one of the AV programs in the stickys.
Btw I the problem with explorer.exe is not related to malware it is just Norton using explorer.exe to execute its commands. It is probably caused by low memory on your computer.

Yes, but make sure your in safe mode while doing it.

Ok Run HJT and check the following.
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no
file)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint
Manager\ViewMgr.exe
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} -
C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser -
{17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program
Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O16 - DPF: {0DC0D258-FC70-456F-8F79-83D7DC20F0AC} (MPChWrapper.Util) -
http://instantsupport.hp.com/update/...PChWrapper.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://www.popcap.com/games/popcaploader_v6.cab
Close all other windows and click fix checked.

Now reboot to safe mode and use add/remove programs to remove the following if present.
Viewpoint Manager

Now delete the following if present.
C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
C:\Program Files\MarketBrowser
C:\Program Files\Viewpoint\Viewpoint
Manager\ViewMgr.exe
C:\Program Files\Viewpoint

If your still having problems after this let me know in your next post.

:cheesy:Don't forget the HJT log:cheesy:

Just end explorer.exe its not a system process so it wont do any damage to end it and i think it will speed up the process