2,959 Posted Topics
Re: You're pretty loaded down with infections, and I'm a bit surprised that Ad Aware and Spybot didn't clean some of them out. A couple of things you need to take care of before continuing with HijackThis: 1. [b]C:\DOCUME~1\david\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe [/b] The log entry above indicates that you … | |
Re: Try running SpyBot while booted into Safe Mode; if you've got some serious "nasties" on your system, they can sometimes "choke" the detection and removal utilities. | |
Re: Aurora can be a real pain to remove, because it installs hidden files that regenerate the infection after trying to "fix" it with something like HijackThis. The names of the infected .exe files will also change/morph each time you reboot, making it difficult to delete them. Please do the following … | |
Re: You need to give us specific details if you want us to help you most quickly. - What is the exact name of the trojan? - Where (in what folder) does Norton indicate that the infected file lives? - Norton keeps a log/report of its actions; look in the report to … | |
Re: The most likely cause is a malicious alteration to your Hosts file, or the addition of another, bogus Hosts file. 1. Open Windows Explorer, click the Search button, and: - In the box where you specify a filename to search for, type "hosts" (without the quotes). - In the "Look … | |
Re: Although I have [i]no [/i]idea what they are, it doesn't appear that they're malicious at all. They seem to be an error log created by legit programs; I've seen references to the fact that Photoshop is one of those programs. If they come back, look at the contents of one … | |
Re: 1. I'm not sure what [i]did[/i] happen when you ran CWShredder, but CTHELPER probably wasn't the cause. 2. Have HijackThis fix: [b] O4 - HKLM\..\Run: [awvycup] c:\windows\system32\awvycup.exe [/b]3.Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected … | |
Re: Hi bella69, welcome to Daniweb :) Your log does indicate a few different infections, but we need to take care of one thing first: [b] C:\DOCUME~1\ANNABE~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe[/b] The log entry above indicates that you are running HJT from within a Temp/Temporary folder. Please do the following: Create … | |
Re: I'll just put out the fact that downloading/playing online games is a good way to get loaded up with adware and spyware, but that said, I don't see any obvious "nasties" in your log. A few thoughts: 1. Open the Event Viewer utility in your Administrative Tools control panel and … | |
Re: [QUOTE=weaselco]First off...[/QUOTE] Erm, weaselco- look at the date of the last post in this thread. The thread has been dormant for over one year; why are you digging it up now? | |
Re: Hi Adrian, Many of these infections [i]do[/i] "morph", and because of that, they can be rather difficult to weed out. Please do this to start with: Download HijackThis: [url="http://www.majorgeeks.com/download3155.html"]http://www.majorgeeks.com/download3155.html[/url] Once downloaded: A) Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such … | |
Re: In addition to your Symantec scan, you should do at least two of the following free online virus/spyware scans; they may catch things that Symantec didn't: [url]http://www.kaspersky.com/scanforvirus.html[/url] [url]http://housecall.trendmicro.com/[/url] [url]http://www.pandasoftware.com/activescan/com/activescan_principal.htm[/url] [url]http://us.mcafee.com/root/mfs/default.asp?cid=9914[/url] [url]http://www.ravantivirus.com/scan/[/url] Let us know what (if anything) those scans found, and if they were able to remove the mailer infection. | |
Re: You have a few different infections, so this will take a couple of steps. Please be patient: 1. Remove Newdotnet, either from your Add/Remove Programs control panel, or by going [url="http://www.newdotnet.com/#remove"][u]here[/u][/url] and scrolling down to the uninstall tool. 2. Go [url="http://computercops.biz/postt106277.html"][u]here[/u][/url] for the instructions on how to remove the Bube.d … | |
Re: That still looks pretty ugly. :( Did you have a chance to follow ([i]exactly and completely[/i]) the bube infection removal procedures in the link that crunchie gave earlier? If not, you need to do that now. While you definitely have other "unwanted guests" on your system, the bube infection is … | |
Re: As nicentral noted, there are no obviously suspicious or abnormal processes/programs listed in your log. [QUOTE=csceci]It keeps appearing in my computer when I have to restart[/QUOTE]If you are saying that you get an error or message concerning the process, please post the [i]full [/i]contents of the message. If you mean … | |
Re: [QUOTE]Then mid week it appeared that some sort of worm had infected the system. SUDDEN onset of MULTIPLE pieces of spam mail showing up in my mailbox.[/QUOTE]Keep in mind that being on the [i]receiving[/i] end of a spate of spam emails could more likely indicate that someone you know (or … | |
Re: Your log shows no signs of anything nasty, nor does it show any sign of corruption in your networking software. 1. Regardless, the first thing to do when troubleshooting network connection problems is to temporarily disable your firewall software. Your log indicates that you currently have McAfee's Internet security software … | |
Re: Lol- sounds like you're looking for answers to homework questions... :p [QUOTE=vivek.kutal]What is the difference between F.S.B & bus speed of a processor[/QUOTE][url="http://www.google.com/search?q=fsb+processor+bus+speed&hl=en&lr=&start=0&sa=N"]"Googleage"[/url] [QUOTE=vivek.kutal] what actually happens when the hard disk jumper setting is "upper 32 gb"[/QUOTE][url="http://www.google.com/search?hl=en&lr=&q=%22hard+drive%22+%2232GB+clip%22&btnG=Search"]"Googleage"[/url] [QUOTE=vivek.kutal] what is the difference between 40 conductor & 80 conductor data cables … | |
Re: [QUOTE=hollystyles]I've found you can't give rep points to anyone twice in a row either.[/QUOTE] There are certain limits put in place on the whole points system to avoid abuse such as boosting Rep Points by getting friends to repeatedly "pad" your positive Rep, or "Rep bombing" someone with negative points … | |
Re: That's a pretty nasty pot of Spyware Soup you've got cookin' there... :mrgreen: Please do the following (if, from the infected computer, you cannot download the utilities we ask you to use in the course of this, you'll need to use another computer to download them, burn them to a … | |
Re: A few more things need to go. 1. Open a DOS box by typing "command" (omit the quotes) in the "Run.." option under your Start button menu. - At the command prompt in the DOS window, type the following command: regsvr32 /u C:\WINDOWS\SYSTEM\HIJENCA.DLL Close the DOS window after the command … | |
Re: Ouch- it's really strongly recommended that you [i]not[/i] upgrade to SP2 on an infected or otherwise problematic system. Bad Things can happen, as it seems you may have discovered. :( I'm quite certain that the Atlcu32.exe file is a component of a malicious infection, but it sounds like you'll have … | |
Re: Your log is pretty clean; just a couple of small nasties to fix. Put a check next to the following items and then click the "Fix checked" button: [b]R3 - URLSearchHook: HyperSearchHook - {C69D0BFE-3584-447B-BB42-ADADECD323C0} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll (file missing) O2 - BHO: CWebDirObj Object - {C003C49F-53E4-4A72-B7D6-0B2B9997392F} - C:\WINNT\webdir.dll[/b] More … | |
Re: Are you sure you posted the [i]full[/i] contents of the HJT log? That one looks abnormally short... | |
Re: First try the instructions given [url="http://www.daniweb.com/techtalkforums/thread19959.html"]in this thread[/url]; they seem to have worked for other members who were infected with Hotoffers. If that doesn't fix the problem for you just let us know, post a new HJT log, and we'll go from there. | |
Re: Hi Paul, A couple of things: 1. There are usually more "R0" and "R1" entries in a HijackThis log, reporting things like Internet Explorer's default Home page, Search page, etc. It's possible that you may not have those entries in your particular log, but just to be sure: are you … | |
Re: Let's skip the automated log analyser; it's honestly better for us to work from your original log. Please do the following: Run HijackThis, but do not have HJT fix anything yet; only have it scan your system. Once the scan is complete, the "Scan" button will turn into an option … | |
Re: Hi rushyx, welcome to the site :) The "smitfraud" and "Security iGuard" infections are related, and you have both. Please follow the removal instructions in the link below and then repost here with a new HijackThis log and an update on whether or not you see an improvement after performing … | |
Re: Hi Adrianne, welcome to TechTalk. :) Please do the following to start us off: 1. Download [url="http://www.stevewolfonline.com/Downloads/DMR/Spyware%20Tools/HJT/HijackThis.exe"]HijackThis[/url]: 2. Once downloaded, follow these instructions to install and run the program: - Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as … | |
Re: [QUOTE=davinci]64mb ram[/QUOTE] With XP?! [i]Please[/i] tell us that's a typo. :eek: :eek: Until you can post more info, here are a couple of suggestions: Bad RAM is definitely one thing that can cause such behaviour. Make sure the RAM modules are firmly and properly seated in their sockets, and test … | |
Re: Hi sanperry, One thing about your posts: you appear to be starting a new thread for each of the responses you post, as opposed to replying to [url="http://www.daniweb.com/techtalkforums/thread22672.html"]the thread you originally started[/url]. You need to make sure to post your replies in the original thread, as it will be very … | |
Re: 1. Outlook should allow you to view the details of the error by clicking the yellow exclamation-point icon that appears in the lower right-hand corner of Outlook's Window when a send/receive error occurs. Please locate that info and paste the full and exact text here; there's usually an error code … | |
Re: Hi alexanderp513- welcome to the site :) Please do the following to start with: - Download the (free) HijackThis utility from [url="http://www.stevewolfonline.com/Downloads/DMR/Spyware%20Tools/HJT/HijackThis.exe"]here[/url]. - Once downloaded, follow these instructions to install and run the program: 1. Create a folder outside of any Temp/Temporary folders for HJT and move it there now. … | |
Re: The first question to ask in that regard is: why do you want to do a flash upgrade to the BIOS in the first place? If you aren't currently experiencing any of the specific problems that the particular flash upgrade is said to fix, you shouldn't perform the procedure. If … | |
Re: The first (and easiest) thing to check out is this: XP creates a default account for a [i]user[/i] named "Administrator", and this account is different from any other user accounts which are members of the "Administrators" [i]group. [/i]You'll sometimes find that although passwords have been set for all other user … | |
Re: Also- what are the makes/models of the NICs you've tried, and what corresponding drivers are you using? | |
Re: Money.msi is the Windows Installer component for MS Money. Unfortunately, it is not (as far as I know) available as a separate download, as it is part of the Money installation package and normally exists in the same location as the rest of the original Money installation files. In your case, … | |
Re: Hi bama.mal, welcome to the site :) [QUOTE]I know this is a dangerous subject because you never can tell what is really going on...[/QUOTE] Unfortunately, you're right. Bypassing password protection [i]is[/i] a "dangerous subject", for just the reason you state: we have no way of knowing if a member who … | |
Re: Sounds like a possible driver issue. - What version of Windows are you running, and what is the make/model of the controller card? - Is the controller card reported to be working properly in Device Manager? | |
Re: [QUOTE=Dj_Dan]all files were deleted i think except [color=DarkRed]C:\WINDOWS\System32\{007D53FO.....} [/color] which wasn't to be found.[/QUOTE]Sorry, that wasn't quite the right path. It should have been: [color=DarkRed]C:\WINDOWS\System32\[b]Services[/b]\{007D53F0-7FE3-40B6-BD90-A305EE4B59AB} [color=black] Some of the other nasties have respawned as well. Have HJT fix these again: [/color][/color][b][color=black] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\DANNYH~1\LOCALS~1\Temp\se.dll/spage.html R1 - … | |
Re: Hello beauchicox3, welcome to the site. :) [b] 1.[/b] Your log does still indicate at least one infection, but you need to take care of one thing before we proceed: [b] C:\Program Files\Internet Explorer\iexplore.exe[/b] The log entry above indicates that you had at least 1 instance of Internet Explorer running … | |
Re: A little more information would help us. What exactly happens when you try to perform the tasks? Do you get any errors? If so, what are they (exactly)? Has anything happened to the system lately that might contribute to the problem (crash, installation of new software, etc.)? | |
Re: 1. Please download the following two "about:blank"- related removal tools. Also print out the instructions given for each regarding their setup and execution: [url="http://www.majorgeeks.com/download4289.html/"]About:Buster[/url] and [url="http://www.majorgeeks.com/download4286.html"]HSRemove[/url] Run About:Buster and then run HSRemove, being sure to follow the directions you printed out in each case. 2. Open your Add/Remove Programs control … | |
Re: Hello dsandor, welcome aboard :) Don't worry about what you need to delete and how you need to do it; we'll give you very specific instructions on all of that. [b] 1.[/b] Open your Add/Remove Programs control panel and uninstall all Security iGuard, StopSign, and eAcceleration programs that you find … | |
Re: Good job- your latest log is clean. :) | |
Re: No signs of "nasties" in that log; just a couple of loose ends that you might want to clean up: [b] O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [/b] | |
Re: The bube and nail.exe infections are, unfortunately, a couple of the more stubborn nasties; general utilities like McAfee, Ad Aware, etc. won't be of much use. 1. For the bube infection, please follow the procedures outlined in the link below [i]carefully and completely[/i]: [url]http://www.broadbandreports.com/forum/remark,12688162~mode=flat[/url] 2. Once you complete the above, … | |
Re: Mounting FAT32 and NTFS volumes in Linux are pretty much the same process. - What distro (including version) of Linux do you use? - What is the drive/partition layout for the system in question? - What [i]exact [/i]problems are you having, and what (if any) errors do you get? - … | |
Re: Hotoffers infections have been a pretty popular topic here in the last few months. Please review the suggestions given in our recent hotoffers-related threads and see if one of those solutions works for you: [url]http://www.daniweb.com/techtalkforums/search.php?searchid=373139[/url] If you cannot find a fix that works, or if you have any questions about … | |
Re: There are more than a few reasons why you might get that error, including a corrupt email (or email account), interference from your anti-virus or firewall software, or damaged TCP/IP software. - Try testing send and receive separately if you haven't already. Can you do one but not the other, … |