2,959 Posted Topics
Re: So far my day has been kind of [img]http://www.stevewolfonline.com/Downloads/DMR/Visuals/puke2.gif[/img], but I think a few [img]http://www.stevewolfonline.com/Downloads/DMR/Visuals/beerdrink.gif[/img] will help. | |
Re: Hi Derek, I see nothing in your log which would account for the browser troubles; have you done any general network troubleshooting to rule out a possible non-malicious cause? If so, please tell us what you've tried so far. | |
Re: Hi marksummy, First of all- welcome to the site. :) The files you mention are pieces of the evil Aurora infection, although it looks, judging from your log, that you've been able to remove [i]some[/i] of that infection already. To start with, please follow these Aurora removal instructions fully and … | |
Re: "Canned instructions" for HijackThis: Download the (free) HijackThis utility: [url]http://www.stevewolfonline.com/Downloads/DMR/Spyware%20Tools/HJT/HijackThis.exe[/url] Once downloaded, follow these instructions to install and run the program: Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do. Run HijackThis, but … | |
Re: Giving us specific info about the computer and its configuration would really help (it wouldn't be a Dell by any chance, would it?), but here are a couple of general thoughts: 1. "Cover previously removed" is just a warning message that some computers will give you to indicate that the … | |
Re: Support for drives/partitions greater than 137G did not appear until Service Pack 3, but even with SP3 (or 4) installed, there's still a Registry hack involved. See the following Microsoft Knowledgebase article for the whole story: [url="http://support.microsoft.com/default.aspx?scid=kb;en-us;305098"]http://support.microsoft.com/default.aspx?scid=kb;en-us;305098[/url] | |
Re: 1. You need to take care of one thing before we proceed: [b] C:\Documents and Settings\Admin\Local Settings\Temp\HijackThis.exe[/b] The log entry above indicates that you are running HJT from within a Temp/Temporary folder. Please do the following: Create a folder outside of any Temp/Temporary folders for HJT and move it there … | |
Re: In addition to Ad Aware and SpyBot, download, install, and run: ewido Security Suite - [url]http://www.ewido.net/en/download/[/url] Microsoft Anti-Spyware beta - [url]http://www.microsoft.com/downloads/...&displaylang=en[/url] Open each program, use its online update feature to get the most current definitions installed, and run it. After each utility completes its fixes, reboot before continuing on to … | |
Re: Hi stefan, welcome to our site. :) To start with, please do the following: Download the (free) HijackThis utility: [url]http://www.stevewolfonline.com/Downloads/DMR/Spyware%20Tools/HJT/HijackThis.exe[/url] Once downloaded, follow these instructions to install and run the program: Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such … | |
Re: [QUOTE=joe_sausage]i think i got everything. [/QUOTE]Almost ;) 1. Run HJT again and have it fix: [b] R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = [url="http://localhost/"]http://localhost[/url] O4 - HKCU\..\Run: [zmmm] C:\PROGRA~1\COMMON~1\zmmm\zmmmm.exe [/b]2. Delete the entire [b]C:\Program Files\Common Files\zmmm [/b]folder. 3. Empty your Recycle Bin and reboot. 4. Run HijackThis again and post the new … | |
Re: Hi thnk4once, welcome to TechTalk :) [color=black] We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it … | |
Re: There is a standard Aurora removal procedure now, but judging from your HJT log, it doesn't look like you've done it yet: You will need to disconnect from the Internet for most of the cleaning procedures, so you should print out the following instructions or save them into a text … | |
Re: Hi Atreyu, welcome to the site. :) Unfortunately, you didn't post the [i]full[/i] contents of your HijackThis log (the top half is missing). Please do this: Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis … | |
Re: Hi ~Princessy707~, welcome to the site! :) What sort of tips are you looking for? Let us know, and we'll help you out. | |
Re: 1. The only obvious "malicious" entry in your log is this: [b] O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain[/b] Wild Tangent programs come bundled with adware/spyware: I would suggest you remove those programs through your Add/Remove Programs control panel. 2. You might want to reconsider your use of SpyKiller … | |
Re: You've definitely got the Aurora infection, but you've got a lot of nasties as well. Please do the following before we move on to the specific Aurora fix: 1. Go to your Add/Remove Programs control panel and uninstall any of the following programs if you find them listed there: 180 Solutions … | |
Re: [QUOTE=Coconut Monkey]kashfkb, I've merged your two threads into one. Creating a new topic for each useful website you find would result in a fair few threads cluttering up the forum, so it's better to keep it all together. ;) Please post future useful networking links in this thread for now.[/QUOTE]Yes, … | |
Re: [QUOTE=tgober]When I typed in the unregistration command prompt instruction, it stated that the casmf.dll file could not be found. [/QUOTE]Try using the full path of the file when you unregister it: [b][color=Black]regsvr32 /u "C:\Program Files\Cas\Client\casmf.dll"[/color][/b] | |
Re: Hi kashres, welcome to our site. :) Your log does show signs of Aurora, as well as a few other "unwanted guests". However, we need to take care of one thing before proceeding with the fixes: [b] C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe [/b] The log entry above indicates … | |
Re: Hi Latinflo, Can you please post a new HijackThis log as well? Thanks. | |
Re: [QUOTE=Anti-Smiley]So this is where all the smart kids hangout ey?[/QUOTE]LOL. Smart "kids", eh? Watch it there now; most of us are rather crusty old-timers... :mrgreen: Welcome to our site A_S! :) | |
Re: 1. The desktop icons and at least some of the pop-ups are due to the CasinoClient infection identified in this log entry: [b] O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe" [/b]Symantec has a description of the infection and removal instructions here: [url="http://www.sarc.com/avcenter/venc/data/adware.casinoclient.html"]http://www.sarc.com/avcenter/venc/data/adware.casinoclient.html[/url] 2. This log entry is a right pain … | |
Re: You're right- running HijackThis (and then posting the log it generates) is the first step; here are instructions which should help: Download the (free) HijackThis utility: [url="http://www.stevewolfonline.com/Downloads/DMR/Spyware%20Tools/HJT/HijackThis.exe"]http://www.stevewolfonline.com/Downloads/DMR/Spyware%20Tools/HJT/HijackThis.exe[/url] Once downloaded, follow these instructions to install and run the program: Make a new folder outside of any Temp/Temporary folders for HJT and … | |
Re: Before doing a full reinstall, you can try a Repair install. The repair process will replace your damaged/infected/missing Windows system files with fresh copies from the CD, but will (or at least [i]should[/i]) leave your programs and data intact. Step-by-step instructions for doing the repair can be found here: [url]http://www.michaelstevenstech.com/XPrepairinstall.htm[/url] | |
Re: Hi Ibex, I see that this is your first post; welcome to the site. :) Unfortunately, the CWS infection is actually an entire [i]family[/i] of infections, and many of the newer variants can be quite difficult to remove. In addition to that, your log indicates other infections as well. HijackThis … | |
Re: What version of Windows? Msconfig doesn't exist in Win 2000, but in 98 and XP, click on the "Run..." option under your Start menu, type msconfig in the resulting "Open:" box, and then hit the OK button. | |
Re: Hi GoodmanHR, 1. dlh6213's assessment of your log looks pretty much right to me, however, I'd like more info on two items in your log if possible: [b] O4 - HKCU\..\Run: [AutoUpdate] C:\Program Files\Serials3k\s3k_autoupdate.exe [/b]and [b] O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - … | |
Re: [QUOTE=tedward1986]... every time i boot windows, i get an error message that says windows cannot find C:/WINDOWS/Nail.exe[/QUOTE]Nail.exe is part of the Aurora infection; we'll get rid of the error message in the course of disinfecting your system. | |
Re: [QUOTE=Catweazle]I've moved this to our Viruses and Nasties section, where you will get the appropriate help. [/QUOTE]Thanks CatWeazle. :) porquat, Let's start with the following so that we can get an initial idea of exactly which infections have invaded your computer: Download the (free) HijackThis utility: [url="http://www.stevewolfonline.com/Downloads/DMR/Spyware%20Tools/HJT/HijackThis.exe"]http://www.stevewolfonline.com/Downloads/DMR/Spyware%20Tools/HJT/HijackThis.exe[/url] Once downloaded, follow … | |
Re: Those stop errors point either to faulty RAM or a kernel-level process gone haywire. Have you changed any hardware or upgraded drivers or other critical software lately? Also, what kind of sound card do you have? The second stop code can be related to a driver issue with Audigy sound … | |
Re: Hi Hyatt76- welcome to TechTalk :) First of all, you need to start your own thread for your question. For one thing, your question will not get lost at the end of an old, long thread such as this one. The other reason is that threads quickly become difficult to … | |
Re: 1. [QUOTE] I didn't find C:\Documents and Settings\Owner\Application Data\eetu.exe to delete it[/QUOTE]Did you have Explorer set to show hidden files and folders?: Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide … | |
Re: angus71, We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that … | |
Re: There are one or two hidden files which will keep bringing the Martfinder hijack back to life if you don't fully remove the infection. Please do the following so that we locate those files: Download: "StartDreck", from [url="http://www.niksoft.at/download/frames.htm?http://www.niksoft.at/download/startdreck.htm"]here[/url]: Unzip to its own folder and start the program, Press 'Config' Press … | |
Re: The following is a specific fix for the Aurora infection, but it should clean up some of the other infections evident in your log: You will need to disconnect from the Internet for most of the cleaning procedures, so you should print out the following instructions or save them into … | |
Re: First of all, please do the following: Download the (free) HijackThis utility: [url]http://www.stevewolfonline.com/Downloads/DMR/Spyware%20Tools/HJT/HijackThis.exe[/url] Once downloaded, follow these instructions to install and run the program: Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do. … | |
Re: A few things: 1. That log looks [i]very[/i] short; were you running in Safe Mode when you ran the HijackThis scan? If so, please try to post a log generated while booted into Windows normally. 2. [b]C:\Program Files\Internet Explorer\IEXPLORE.EXE[/b] The log entry above indicates that you had at least 1 instance of … | |
Re: 1. [QUOTE=moyon_x]i wanna know what does any of this process running do, can u tell me please?[/QUOTE]The following site will give you a description of most (if not all) of the processes you have questions about. It will also usually tell you whether or not it's necessary to have a given … | |
Re: [QUOTE=belama]It wouldn't look good if everyone would delete their old posts. If you delete some posts here and there, threads would change and possibly good content would disappear. It would also make threads hard to follow if some posts would refer to other post that would not be there anymore.[/QUOTE]Right … | |
Re: Hi ElectricElmo, welcome to the site :) Your log shows signs of a BargainBuddy adware/spyware variant, as well as at least one trojan infection. For a pretty thorough cleaning, try this: 1. Run at least two or three of the following online anti-virus/anti-spyware scans and let them fix what they … | |
Re: [QUOTE] A Required.DLL file, OLEACC.DLL, was not found.[/QUOTE]Certain versions of Win 98 either did not have that dll at all, or had an outdated version of it. The following Microsoft article tells you how to get the right version of the file: [url]http://support.microsoft.com/default.aspx?scid=KB;en-us;810684[/url] | |
Re: matthell, Could you please post one final log for us to review so that we can make sure that everything is really clean? Thanks. | |
Re: [QUOTE=parttimer]I have SBC Yahoo DSL here in San Francisco.[/QUOTE]Sorry to hear that. Send me an email; I'll come down from Marin over the weekend and fix it for you. :mrgreen: [QUOTE=parttimer]I have been reading on the threads and other sites that tells me that in general, for SBC Yahoo DSL … | |
Re: drpmon.dll is part of the evil Aurora infection that's making the rounds lately. Please follow the instructions below fully and carefully to (hopefully) remove the beast: You will need to disconnect from the Internet for most of the cleaning procedures, so you should print out the following instructions or save … | |
Re: A. Your log indicates multiple infections, but it also seems to be missing a section at the end. A HJT log from a Windows XP or 2000 system usually has a list of "O23 - Service:" entries after the "O20" entries. Are you positive you posted the [i]full[/i] text of … | |
Re: 1. rkfiles doesn't give you any feedback when it creates its log, it just makes a log file in your main C:\ folder called "log.txt". Open the log.txt file in Notepad and copy the contents into a post here. 2. svchost.exe is a valid Windows system file which manages other … | |
Re: [QUOTE]I'm pretty sure tnluj.exe is responsible for that[/QUOTE]It's more than that... :( You said that you've already run SpyBot and Ad Aware, so please do these additional things: You'll want to print these instructions out or save them into a text file with Notepad; you'll be disconnected from the Internet … | |
Re: Your log is clean. :) 1. 17K isn't bad for the winlogon process; I've seen it chew upwards of 600K on perfectly healthy machines. 2. The Winlogon Notify reg entries are legit. igfxsrvc.dll is a software component for Intel's accelerated graphics hardware; opxpgina.dll is part of OmniPass' secure password management … |