dlh6213 27 Posting Maven Team Colleague

Go to Add/Remove Programs in your Control Panel and remove Viewpoint (or View Point Manager).

Follow the instructions given here:
http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW_RAMM.101

Scan with HijackThis and put a check next to the following entries, if still present:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.k662.com/home.htm
F2 - REG:system.ini: Shell=Explorer.exe ntio.exe
F3 - REG:win.ini: load=E:\WINDOWS\rundl132.exe
O2 - BHO: BHO - {00000015-A527-34E7-25C2-03A4E313B2E9} - c:\Windows\system32\winsrvs_1.dll
O4 - HKLM\..\Run: [ViewMgr] "E:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
O4 - HKLM\..\Run: [Msbb.exe] Msbb.exe
O4 - HKLM\..\Run: [Start] Start.exe
O4 - HKLM\..\RunServices: [Msbb.exe] Msbb.exe
O4 - HKCU\..\Run: [Start] Start.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...l/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1142199349218
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/...npseatools.cab

Note -- there are two 'start.exe' and 'Msbb.exe' entries, make sure you get them both.

Close all open browser windows, and then hit the 'Fix Checked' button.

Go to the following locations and delete the highlighted folder and files:

E:\Program Files\Viewpoint

E:\WINDOWS\rundl132.exe
C:\Windows\system32\winsrvs_1.dll

Do a search for the following and delete any instances found:

Msbb.exe
Start.exe

dlh6213 27 Posting Maven Team Colleague

Follow the recommendations and instructions in my signature block below and then post the HijackThis and Ewido logs here in this thread.

lol_hacker101 commented: you da man, man! -lol_hacker101 +1
dlh6213 27 Posting Maven Team Colleague

Internet :)

dlh6213 27 Posting Maven Team Colleague

hey buddy dlh6213,

got the basic concept...thanks a lot...and u know what gave rep points to u(since u deserved it) :mrgreen:

thanks again man :D

Glad you understand it.

And thanks for the rep, but until you have at least 11 points yourself, it doesn't actually 'add' to (or subtract from) anyone's score, but they do know you appreciated the help :)

Also, once you give it to one person, you have to 'spread it around,' meaning you have to give it to at least five other people before you can give it to the same person again.

dlh6213 27 Posting Maven Team Colleague

New link for the story:
http://www.totalillusions.net/forum/index.php?showtopic=328&st=0

(The other one seems to have disintegrated... do you suppose bitchchecker had anything to do with that???)

dlh6213 27 Posting Maven Team Colleague

Please do not discuss the use of illegal file-sharing here, it is against the forum rules:
http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq

dlh6213 27 Posting Maven Team Colleague

It'll come pre-installed, but it will be on the hard drive, not on the motherboard :)

They used to include a recovery CD; hopefully they still do that.

dlh6213 27 Posting Maven Team Colleague

When you maximize the window, as Zeroth suggested, instead of using the X to exit, go to File, and select Close; the next time you open IE, it should come up full-screen.

dlh6213 27 Posting Maven Team Colleague

So have you tried System Restore yet?

Killer_Typo commented: lol how i could not think of a system restore, good info. +2
dlh6213 27 Posting Maven Team Colleague

...why your wife's system attracts more 'nasties' than yours. Her computing habits are doubtless different to yours, and they may expose her to more risk of infection than you experience. An advertisement might spark her curiosity, a 'close' button on an advertising box may be something else in disguise. There will definitely be differences in the places you visit and the way you interact with them.

Zeroth, to expand a bit on what Catweazle said here, instead of closing popups with the X (which some use to 'execute'), right-click on the ad and select Close; this may help prevent some of the problems.

dlh6213 27 Posting Maven Team Colleague

I never got an answer to my question about Acrobat and fixed it myself. I tried a question about why I couldn't paste stuff on a message here from Firefox someplace else, can't remember where it's been so long.

Isn't this the one where Catweazle suggested you remove/reinstall Acrobat and you ended up reformatting? (http://www.daniweb.com/techtalkforums/showthread.php?t=19634&page=2&pp=15)

Here's the one about Pasting, no replies to that one yet (http://www.daniweb.com/techtalkforums/showthread.php?t=21188)

I still say we need a "browser" forum. Heck by the time we get one, I won't need it anymore, I'll have fixed everything myself. (kidding, kidding) :o

Did you notice the new name here? Web Browsers instead of Internet Explorer :)

dlh6213 27 Posting Maven Team Colleague

I think this would be best in the Windows Software forum, so I've moved it accordingly; if anyone thinks it would be better off elsewhere, PM myself, or another moderator, and we'll consider it.

I don't think you can recover the History that has already been deleted, but you can edit the registry so it can no longer be removed. See regedit #101 here:

http://www.kellys-korner-xp.com/xp_tweaks.htm

Be sure to read their instructions and disclaimer at the top of the page before downloading anything.

dlh6213 27 Posting Maven Team Colleague

First try System Restore to go back to a time before you had the problem.

Click Start, All Programs, Accessories, System Tools, System Restore

If that doesn't work, try an in-place upgrade (aka repair installation); instructions can be found here:

http://support.microsoft.com/default.aspx?scid=kb;en-us;315341&Product=winxp

dlh6213 27 Posting Maven Team Colleague

Go to this thread:

http://www.daniweb.com/techtalkforums/thread5690.html

1.) Download and install Ad-Aware SE. In addition to the default settings, check these and make any necessary adjustments:

A.) Close ALL windows except Ad-Aware SE

B.) Click on the ‘world’ icon (at the top right of the Ad-Aware SE window) to let Ad-Aware SE update.

C.) Once the update is finished, click on the ‘Gear’ icon (second from the left at the top of the window) to access the Preferences/Settings window.

a.) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)

b.) Under Definitions:
*Prompt to update outdated definitions - set the number of days


B.) Click on the ‘Scanning’ button on the left and select in green:

a.) Under Driver, Folders & Files:
*Scan Within Archives

b.) Under Select drives & folders to scan:
*choose all hard drives

c.) Under Memory & Registry, all green:
*Scan Active Processes
*Scan Registry
*Deep Scan Registry
*Scan my IE favorites for banned URLs
*Scan my Hosts file


C.) Click on the ‘Advanced’ button on the left and select in green:

a.) Under Shell Integration:
*Move deleted files to recycle bin

b.) Under Logfile Detail Level, all green:
*include additional object information
*DESELECT - include negligible …

cargenius42 commented: Helped me SOOOOOO Much! +1
dlh6213 27 Posting Maven Team Colleague

That's interesting... I wonder if Nero or Microsoft are aware of this problem... :confused:

Glad you got it figured out and thanks for letting us know what it was in case it comes up again :)

By the way, there's nothing wrong with using msconfig to boot into Safe Mode (usually), that's what the option is there for.

aeinstein commented: good advice & follow-up. Peace Be with You +5
dlh6213 27 Posting Maven Team Colleague

I'll assume you're using Internet Explorer (IE) since that's the forum you posted in.

Click on Tools at the top, and then Internet Options. Click on the Privacy tab, and near the bottom you should see a box that says Web Sites; click on the Edit button inside that box. Type in the address of the website you wish to allow cookies from (like www.yahoo.com), and then click the Allow button. After you've entered all the addresses you want, click OK. You can add more whenever you find a site you wish to allow cookies for. You can also Block certain sites here as well.

dlh6213 27 Posting Maven Team Colleague

What OS do you have? Since you said it's new, I'll assume it's XP.

There are two ways to do this:

The most common is to reboot your computer and then repeatedly hit F8 while it's booting up.

The other way is to go to Start, Run, type in msconfig, and click OK. When the System Configuration Utility window comes up, click the BOOT.INI tab, select SAFEBOOT, and then OK. You will get asked to reboot and when you do, it will come up in Safe Mode.

When you're done in Safe Mode, go back to msconfig and remove the checkmark from SAFEMODE.

damithadnw commented: he is giving appropriate answers to the question. +0
dlh6213 27 Posting Maven Team Colleague

Anyone even thinking about playing around with the registry should first back it up. Here are the instructions for doing so:
http://support.microsoft.com/default.aspx?kbid=322756#2

Catweazle commented: Good advice given consistently +5
dlh6213 27 Posting Maven Team Colleague

I'll try to help with what little I can. First of all, go to Add/Remove Programs in the Control Panel -- see if ebates or websavings is there and remove it if it is.

Next, clear out all Temp and Temporary Internet folders; do a search for *.tmp and delete everything found.

Close all windows, scan with hijackthis, and have it fix the following entries, if found:
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL (file missing)
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\PROGRAM FILES\MYWAY\SRCHASTT\1.BIN\MYSRCHAS.DLL (file missing)
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL (file missing)
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm

Reboot into Safe Mode and go to C:\Program Files, look for WebSavingsfromEbates and delete it if found.

Reboot normally, close all windows, scan with HJT, and post a new log. Maybe one of the experts will spot something else.

dlh6213 27 Posting Maven Team Colleague

Is this what you're looking for?
http://www.theregister.co.uk/2004/09/02/winxpsp2_security_review/

I don't think this one will answer your question, but you may find it interesting anyway:
http://www.ameritech.net/users/mpr_support/XP-SP2.html

DaveSW commented: good articles - DaveSW +1
dlh6213 27 Posting Maven Team Colleague

You didn't need to uninstall SP2 because of this, you just need to disable the XP firewall as McAfee (as well as most others) is better anyway. The XP firewall is better than nothing for those that don't have anything else. You should give SP2 another try.

bigozone commented: good info for those smart enough to read this deep into a sticky post +1
dlh6213 27 Posting Maven Team Colleague

Hey aulakh, welcome to DaniWeb! :) I hate to be the one to tell you this, but there is a notice at the top of this forum requesting that all hijackthis logs be posted in the Security forum as this is where the malware gurus hang out.

Before you post a log there, HJT should not be run from your desktop, it should be in a permanent folder (like c:\hjt\hijackthis.exe). Also, close all windows before scanning with HJT (you had IE open in your last scan).

Good luck!

dlh6213 27 Posting Maven Team Colleague

Almost everything in that log is important! But there are a few things that aren't. Before you fix anything with HJT, however, it should not be run from your desktop, it should be in its own folder (like c:\hjt\hijackthis.exe).

Once you have it in its own folder, close all windows, scan with HJT, and have it fix the following entries:
O4 - HKLM\..\Run: [h9ldW0U.exe] C:\documents and settings\ashley taggart\local settings\temp\h9ldW0U.exe
O4 - HKLM\..\Run: [7a.exe] C:\documents and settings\ashley taggart\local settings\temp\7a.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: Corel Network monitor worker - {A4831B2C-1CCF-45DF-9150-6CFD097AAB6C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {A4831B2C-1CCF-45DF-9150-6CFD097AAB6C} - (no file) (HKCU)

Reboot into Safe Mode, go to C:\documents and settings, (make sure "show hidden files and folders" is enabled), go to each users account, local settings, and delete the contents of each "temp" folder and each "temporary internet" folder (contents only, not the folders!).

Reboot normally, close all windows, scan with HJT, and post a new log. I'm pretty sure there are more items that need to be fixed, but one of the pros will need to help with the rest.

To help keep bad stuff off your system, install spywareblaster:
http://www.javacoolsoftware.com/
(and keep it updated!)

alc6379 commented: thanks for helping us read HJT logs! +3
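
An added example, not part of the original post: a small Python triage script for log lines in the HijackThis format quoted above. The three flagging rules (entries the scanner marks as missing their file, O4 autoruns whose command sits in a Temp folder, F2/F3 ini autostarts) are assumptions chosen for illustration, not the poster's criteria, and the sample lines are constructed.

```python
import re

# "<code> - <rest>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 autorun body: "<registry key>: [<value name>] <command>"
RUN_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def parse_entry(line):
    """Split one log line into a dict; return None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = {"code": m["code"], "body": m["body"], "flags": []}
    if entry["code"] == "O4":
        run = RUN_RE.match(entry["body"])
        if run:
            entry["key"] = run["key"]
            entry["name"] = run["name"]
            entry["cmd"] = run["cmd"].strip('"')
    return entry

def triage(line):
    """Parse a line and attach review flags (assumed heuristics, see lead-in)."""
    entry = parse_entry(line)
    if entry is None:
        return None
    body = entry["body"].lower()
    # The scanner itself marks entries whose target file is gone.
    if "(file missing)" in body or "(no file)" in body:
        entry["flags"].append("orphaned")
    # Autorun command stored in a Temp directory.
    if entry["code"] == "O4" and "\\temp\\" in entry.get("cmd", "").lower():
        entry["flags"].append("autorun-from-temp")
    # F2/F3 lines report programs started through system.ini / win.ini values.
    if entry["code"] in ("F2", "F3"):
        entry["flags"].append("ini-autostart")
    return entry

def flagged(lines):
    """Return (code, flags) for every entry that has at least one flag."""
    results = [triage(l) for l in lines]
    return [(e["code"], e["flags"]) for e in results if e and e["flags"]]

# Constructed sample lines in HijackThis format (not taken from any real log).
SAMPLE = [
    "Running processes:",
    r"O4 - HKLM\..\Run: [example.exe] C:\Documents and Settings\user\Local Settings\Temp\example.exe",
    r'O4 - HKLM\..\Run: [Updater] "C:\Program Files\Vendor\updater.exe"',
    r"O9 - Extra button: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\example.exe (file missing)",
    r"F2 - REG:system.ini: Shell=Explorer.exe example.exe",
]

if __name__ == "__main__":
    for code, flags in flagged(SAMPLE):
        print(code, ", ".join(flags))
```

A flag only marks a line for a closer look; it does not decide whether the entry should be fixed.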
dlh6213 27 Posting Maven Team Colleague

If you can boot your computer normally, there is another way to boot into Safe Mode with Windows XP:
Boot the computer normally.
Close all open programs.
Click Start, and then click Run; the Run dialog box will appear.
Type msconfig in the box and then click OK.
The System Configuration Utility should appear.
Click on the BOOT.INI tab.
Check the "/SAFEBOOT" option, and click OK.
You will then see the prompt to restart the computer, click Restart.
The computer will then restart in Safe Mode.
When another box opens asking if you want to run in Safe Mode, click Yes.

helloworldd commented: thanks dlh6213, nice help +0
dlh6213 27 Posting Maven Team Colleague

Happy it helped you echoman, hope it works for whiskeyjar as well.

DMR commented: Good job- thanks for helping out here! +3
dlh6213 27 Posting Maven Team Colleague

Before deciding whether or not to upgrade to SP2, review this thread:
http://www.daniweb.com/techtalkforums/thread10031.html

You should try to make sure you don't have any viruses or spyware before upgrading to SP2.

After you move hjt to a permanent folder, you can also delete the red.clientapps. Rescan and post.

dlh6213 27 Posting Maven Team Colleague

Download Ad-Aware from here:
http://www.download.com/3120-20-0.html?qt=adaware&tg=dl-2001

And Spybot - Search and Destroy from here:
http://www.download.com/3120-20-0.html?qt=spybot&tg=dl-2001

If you're using WinXP, create a restore point before proceeding. Run both of these programs and allow them to fix whatever they find.

Then download and run hijack this from one of these links:
http://www.majorgeeks.com/download3155.html
http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Don't fix anything in hijackthis yet! Save a log and then post it in the Security Forum along with details about the problems you're having. A tech will review your log and advise you of any additional steps you need to take.

DuncanIdaho commented: Intelligent and helpful posts! Nice job, dlh! +1
dlh6213 27 Posting Maven Team Colleague

Service Pack 2 (SP2) for Windows XP is a recommended upgrade that fixes many issues (mainly security related). It includes all of the Critical Updates that have been issued since Windows XP was released, which should simplify new installations as well as reinstallations.

This thread will help you decide if you should get SP2, how to prepare for it, and some things to expect if you do.

First, make sure you meet the system requirements:

At least a 233MHz processor
At least 64MB of RAM (256MB is more realistic)
At least 1.8GB of free hard disk space (SP2 is about 75MB, but apparently needs 1.8GB to install)

And you must be using one of these Operating Systems:
Windows XP Home
Windows XP Professional
Windows XP Media Center Edition
Windows XP Tablet PC Edition
NOT for Windows XP 64-bit version

Once you are sure you meet these requirements, go to this link for a list of known conflicts with SP2:
http://support.microsoft.com/default.aspx?kbid=884130&product=windowsxpsp2

If you are using any of the programs with conflicts, you need to decide if you want to go ahead and deal with any problems, remove the conflicting programs, or wait for patches to come out before installing SP2.

Once you have decided to upgrade to SP2, there are two options:

1.) Download, which, due to its 75MB size, will take a while, even with DSL or cable.
-- Click on Start and look …

alc6379 commented: Great work! --alc6379 +3
Killer_Typo commented: great stuff here. thanks for the info on the SP2 --KT +1