238 Posted Topics
Re: Currently I am at my public library but when I get home I will tell you how to get rid of that annoying little trojan. | |
Re: Cuts ya deep. Eh, crunchie | |
Re: Could you please post this not in code format so that it is easier to read and fix. After you do that I will take a look at it and we'll fix this trojan. | |
Re: First of all move HJT to a permanent folder such as C:\HJT\ or something similar. Okay a couple things are left on your computer. First run HJT and place a checkmark next to the following. O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" O1 - Hosts: "http://www.w3.org/TR/html4/loose.dtd"> O1 … | |
Re: Please download and install [URL="http://www.ewido.net/en/product/"][B][COLOR=blue]ewido anti-spyware tool(Now called AVG) [/COLOR][/B][/URL][LIST] [*][COLOR=red]Close all other Applications[/COLOR] Select language click [B]Ok[/B] [*]Click [B]I Agree [/B] [*]Click[B] next[/B] [*]Click [B]Install[/B] [*]Click[B] Finish[/B] [*]Wait Ewido will open main screen automatically. [*]Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click … | |
Suddenly upon booting my computer I get the error NTLDR is missing press alt+ctrl+del to reboot. I have tried some of the fixes online but they all include using the win xp disc to boot to command prompt. I don't have the win xp recovery disk, but I do have … | |
Re: Hmm.. There are two files that could be normal or could be malware. So i want you to scan them. C:\Program Files\RSI Saver\nhc.exe(Don't know what RSI saver is, couldn't find and info on it.) To scan these go to [URL="http://www.google.com/url?sa=t&ct=res&cd=1&url=http%3A%2F%2Fvirusscan.jotti.org%2F&ei=jVGERbzULI38oQK6pKxO&usg=__HTupoDnI22oS9Y1Dj74pa20f630=&sig2=12Mg8uOwVvvfwdB5Nyk2cw"]here [/URL]and upload them. Post the results here when the scans … | |
Re: Sorry about the delay, I guess I'll take over for DMR. First of all go to Control Panel and then Add/Remove programs. Uninstall Viewpoint Manager. Move HJT to its own folder such as C:\HJT\ or something similar. Now run HJT and place a checkmark next to the following if they … | |
Re: First of all move HJT to a permanent folder such as C:\HJT\ or something similar. Ok not a bad infection. Run HJT and put a checkmark next to the following items. O4 - HKLM\..\Run: [dflnl.exe] C:\WINDOWS\system32\dflnl.exe O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - [URL]http://www.popcap.com/games/popcaploader_v6.cab[/URL] Click Fix Checked. Now Reboot to … | |
Re: Not any official malware per se, but there is one toolbar on your computer that is open to debate. Did you purposely install weatherstudio on your computer? Also did you add [URL="http://194.164.34.97/"]http://194.164.34.97[/URL] as a trusted IP? If you didn't do either then do the following. Run HJT and place a checkmark … | |
Re: I want you to go [URL="http://virusscan.jotti.org/"]here [/URL]and upload and scan the following file called update.exe. C:\WINDOWS\SoftwareDistribution\Download\d02eed8b27b568c24c0de02bbc04855d\update\update.exe Post the results of that scan back here. | |
Re: Please post a HJT log (there are instructions in the stickies). Also I never use the safely remove hardware thing and my removable drive is fine. | |
Re: This doesn't look like a complete log. Are you sure you didn't delete anything from it? If you did then please post the full log; we need to see that info so that we can fix your computer. If you didn't please change the name of hijackthis.exe to something else … | |
Re: It seems that this little malware hides itself pretty good, because I compared your log with another person who had the same problem and there were no similarities. However you do have some other nasties we can get rid of. First run HJT and place a checkmark next to the … | |
Re: Also is it failing to block all pop ups or just when a bunch pop up at once? Sometimes if a pop up blocker is overloaded one or two pop ups will get through. Also here's the scanners I recommend. AVG-anti spyware AVG anti virus Xoftspy(for fast scan) | |
Re: Ok a couple traces of malware. First run HJT and put a checkmark next to the following. O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Program Files\Video ActiveX Object\iesplugin.dll O20 - AppInit_DLLs: pushow92.dll Do you know what C:\Program Files\TRIXX\TRIXX.exe is? If you don't, place a checkmark next to the following. … | |
Re: Sorry to hear that. We could have got you through it. Oh well though. | |
Re: I would use VundoFix. Also the IE7 problems are unrelated usually. | |
Re: Also I personally would update from Windows Me because the internet and Windows ME don't really mix well. | |
Re: Well the extremely suspicious process is update.exe running from the registry out of common files. To get rid of it lets do the following. Please download and install [URL="http://www.ewido.net/en/product/"][B][COLOR=blue]ewido anti-spyware tool(Now Called AVG) [/COLOR][/B][/URL][LIST] [*][COLOR=red]Close all other [URL="http://www.daniweb.com/techtalkforums/thread48297.html#"]Applications[/URL][/COLOR] Select language click [B]Ok[/B] [*]Click [B]I Agree [/B] [*]Click[B] next[/B] [*]Click [B]Install[/B] … | |
Re: A couple things. One probably isn't malware related but just in case please post a HJT log. No, it's not really that bad as long as you get the updates once in a while, especially service packs and such. | |
Re: A couple things First of all could you include a HJT log. Also i think it says in the stickies to scan with AVG anti-spyware first, but i'll give instructions anyways. Please download and install [URL="http://www.ewido.net/en/product/"][B][COLOR=blue]ewido anti-spyware tool(Now called AVG) [/COLOR][/B][/URL][LIST] [*][COLOR=red]Close all other [URL="http://www.daniweb.com/techtalkforums/thread48297.html#"]Applications[/URL][/COLOR] Select language click [B]Ok[/B] [*]Click … | |
Re: Well you can do two things. One try reinstalling the AT&T thing(motivesb.exe) or you can run HJT and check the following. O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe Then click fixed check. This will make it not try to start up and therefore no error. | |
Re: Or you could just make three separate lines in a row. Wouldn't that be crazy. | |
Re: Buy a USB keyboard. It's a stronger connection and easy because it's plug and play meaning no setup. You just plug it in and it works. The problem could be caused by a driver conflict or something simple like that. Try uninstalling any software that you installed with the scanner … | |
Re: Hmm the log is clean the only suspicious thing is that there are like 12 yahoo widget processes running. Well lets do an AVG scan then. Please download and install [URL="http://www.ewido.net/en/product/"][B][COLOR=blue]ewido anti-spyware tool(Now called AVG) [/COLOR][/B][/URL][LIST] [*][COLOR=red]Close all other [URL="http://www.daniweb.com/techtalkforums/thread48297.html#"]Applications[/URL][/COLOR] Select language click [B]Ok[/B] [*]Click [B]I Agree [/B] [*]Click[B] next[/B] … | |
Re: Two questions. First What kind of surface is the mouse on if its a clear surface such as a glass desk the mouse would not work cuz it wouldn't pick anything up. Are you sure the mouse isn't broken. Try putting the mouse on your hand and moving it. | |
Re: Yeah I bet explorer.exe isn't starting up to begin with. I'll have to ask someone who knows more about the windows config to figure how you can make it do it automatically again, but for now just use task manager to run explorer.exe.(thats all you have to type in the … | |
Re: For the most part your log is clean, however i found one little piece of malware that might be the cause. So do the following. Run HJT and check the following. O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - C:\WINDOWS\system32\vcehaeb.dll Click fix checked. That should have deleted the file but check … | |
Re: Lets start by just scanning your computer with AVG anti spyware. here are the directions. Please download and install [URL="http://www.ewido.net/en/product/"][B][COLOR=blue]ewido anti-spyware tool(Now called AVG) [/COLOR][/B][/URL][LIST] [*][COLOR=red]Close all other [URL="http://www.daniweb.com/techtalkforums/thread48297.html#"]Applications[/URL][/COLOR] Select language click [B]Ok[/B] [*]Click [B]I Agree [/B] [*]Click[B] next[/B] [*]Click [B]Install[/B] [*]Click[B] Finish[/B] [*]Wait Ewido will open main screen automatically. … | |
Re: Ok lets get started. Run HJT and put a checkmark next to each of the following. R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = O2 - BHO: metaspinner GmbH - {7C7A8947-5935-4430-AC0E-E7D04697414E} - C:\PROGRA~1\BUYERT~1\IEBUTT~2.DLL (file missing) O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - C:\Program Files\Gold Codec\isaddon.dll (file missing) O2 - BHO: metaspinner GmbH … | |
Re: There is also a fix in the stickies so you should look at that. | |
Re: Those really aren't the most threatening of malware and I think we can get most of them with a good scan so try the following. Please download and install [URL="http://www.ewido.net/en/product/"][B]ewido anti-spyware tool[/B][/URL][LIST] [*]Close all other Applications Select language click [B]Ok[/B] [*]Click [B]I Agree [/B] [*]Click[B] next[/B] [*]Click [B]Install[/B] [*]Click[B] Finish[/B] … | |
Re: Quite a lot of nasties there. First let's run the following program to get rid of most of the nasties. Please download and install [URL="http://www.ewido.net/en/product/"][B]ewido anti-spyware tool[/B][/URL] [LIST] [*]Close all other Applications Select language click [B]Ok[/B] [*]Click [B]I Agree [/B] [*]Click[B] next[/B] [*]Click [B]Install[/B] [*]Click[B] Finish[/B] [*]Wait Ewido will open main … | |
Re: Xxpenetrator is right. lsass.dll(not to be confused with lsass.exe)Is the Adware Purityscan. And the other is a nastie toolbar. Lets Start by doing the following. Run HJT and place a checkmark next to the following. O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nso78.dll O20 - AppInit_DLLs: C:\WINDOWS\system32\lsass.dll Click fix … | |
Re: First of all you could do a system restore if you have a restore point from before the infection. The above post probably won't do anything but take up space on your computer. Your suspicions were right, you are infected with the [B][U]WORM_SPYBOT.GP. [/U][/B]Let's see what we can do. First … | |
Re: I vaguely remember a situation like this that was the cause of malware but because the log is clean it doesn't look like that's the case. But let's test one more thing: change the name of hijackthis.exe to something like scanner.exe and run the scan again. Post that log here. … | |
Re: I'm reposting you HJT log in this post so that it is easier for me to look at. Logfile of HijackThis v1.99.1 Scan saved at 2:51:42 AM, on 9/15/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program … | |
I made a program that is supposed to ask for a shape and then make a green shape and then ask you if you wanted to make another shape. That didn't work so I changed it to ask if you wanted to make another shape after this one and put … | |
Re: Your log looks clean. Could you explain in detail the problems your having also I would like you to run the following scanner. Please download and install [URL="http://www.ewido.net/en/product/"][B]ewido anti-spyware tool[/B][/URL][LIST] [*]Close all other Applications Select language click [B]Ok[/B] [*]Click [B]I Agree [/B] [*]Click[B] next[/B] [*]Click [B]Install[/B] [*]Click[B] Finish[/B] [*]Wait Ewido … | |
Re: You are infected with Viewpoint Manager and a few other things. Unfortunately I'm at school right now, but I will solve this problem tonight. In the meanwhile do the following. Please download and install [URL="http://www.ewido.net/en/product/"][B]ewido anti-spyware tool[/B][/URL][LIST] [*]Close all other Applications Select language click [B]Ok[/B] [*]Click [B]I Agree [/B] [*]Click[B] … | |
Re: You have a few things on your computer so lets get that fixed up. Run HJT and put a check mark next to the following. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\blank.htm R0 - HKLM\Software\Microsoft\Internet … | |
My mouse wheel stopped working in the sense that if you roll it up and down it won't do anything but if you click it in so the circle with the arrows appears it works like that. Also sometimes the mouse wheel will randomly work for a while and then … | |
Re: Ok lets try a couple things. Run HJT and put a checkmark next to the following. R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1; <local> O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present Click fix checked. Please download and install [URL="http://www.ewido.net/en/product/"][B]ewido anti-spyware tool[/B][/URL][LIST] [*]Close all other Applications Select language click [B]Ok[/B] [*]Click [B]I Agree [/B] … | |
Re: IE isn't that good. Firefox is better so I would recommend using that, but your computer is still infected so do the following fixes. Go to Control Panel\Add Remove Programs and remove the following. FreezeScreen or something similar New.net or something similar Now run HJT and put a checkmark next … | |
Re: Extract HJT from its zipped folder to a location like C:\HJT\ Nothing major but run HJT and check the following. R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe Close all other … | |
Re: Ok First run HJT and check the following. R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing) O4 - HKLM\..\Run: [GNP Generic Host Process] C:\WINNT\system\svchost.exe O4 - HKLM\..\Run: [SNP Generic Host Process] C:\WINDOWS\system\svchost.exe O8 - Extra context menu item: &Search - [URL="http://bar.mywebsearch.com/menusearch.html?p=ZCxdm411YYDE"]http://bar.mywebsearch.com/menusearc...p=ZCxdm411YYDE[/URL] O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - … | |
Re: Sorry to jump in here, but if you need a program like Kazaa I recommend Limewire. Unfortunately this also downloads adware, but I found a loophole in their plot. If you delete the folder C:\Documents and Setting\"Whatever the Admin is here\Complete\ then no adware will be downloaded. But you … | |
My mouse wheel stopped working randomly. Not malware related, I checked myself and have scanned with everything so I know it's not that. Everything with the mouse settings is fine. Any idea what happened? | |
Re: I dont see anything but try the following. Please download and install [URL="http://www.ewido.net/en/product/"][B][COLOR=blue]ewido anti-spyware tool[/COLOR][/B][/URL][LIST] [*][COLOR=red]Close all other Applications[/COLOR] Select language click [B]Ok[/B] [*]Click [B]I Agree [/B] [*]Click[B] next[/B] [*]Click [B]Install[/B] [*]Click[B] Finish[/B] [*]Wait Ewido will open main screen automatically. [*]Wait again a few minutes and Ewido Should Auto update … |