I'm not sure if this is something serious

Status
Not open for further replies.
momok will be following up with you, Chip. I missed the language - thought it was Russian! In the meantime, you can adjust your Cookie settings:

Reset Cookies

For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others.

I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus
Easy List

This will help in the future to prevent the Tracking Cookies. Using the add-ons I mentioned will also prevent some adware from loading.
 
Hi,

Pls start HijackThis and fix the following entries:

R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [dmusrd8] rundll32.exe "C:\Documents and Settings\àéìï\Local Settings\Application Data\dmusrd8\dmusrd8.dll", DllInit
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\àéìï\úôøéè äúçìä\úåëðéåú\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\àéìï\úôøéè äúçìä\úåëðéåú\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O16 - DPF: {CBF2C04B-50B5-4C7B-8D49-ACB62582F8E6} (LauncherV1 Class) - http://chat-basic.nana.co.il/Cabs/launcher.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab

On top of that, please delete the two folders that we have discussed earlier:
C:\Documents and Settings\àéìï\Application Data\MSA\
C:\Documents and Settings\àéìï\Local Settings\Application Data\dmusrd8\ < credit to Bobbye for confirmation that this is bad

Empty your recycle bin too.

Once you have done that, reboot your system and post a fresh hijackthis log. Let us know if you have any problems following this reboot too, thanks.
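
Added example, not part of momok's post and not HijackThis's own code: a small Python triage that parses HijackThis-style entries and flags the three patterns visible in the fix list above (orphaned entries, an autorun DLL started from a user profile, and ActiveX install sources fetched over plain HTTP). The sample lines are copied from the post with `user` substituted for the profile folder name, plus one constructed benign entry; the rule set is an assumption for illustration.

```python
import re

# Sample input: entries copied from the fix list above. "user" stands in for
# the profile folder name (an assumption), and the last O4 line is a
# constructed benign entry that should not be flagged.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [dmusrd8] rundll32.exe "C:\Documents and Settings\user\Local Settings\Application Data\dmusrd8\dmusrd8.dll", DllInit
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O16 - DPF: {CBF2C04B-50B5-4C7B-8D49-ACB62582F8E6} (LauncherV1 Class) - http://chat-basic.nana.co.il/Cabs/launcher.cab
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\app.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)")
PROFILE_DIR = "\\documents and settings\\"


def parse(log_text):
    """Yield (section, body) for every line shaped like a HijackThis entry."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log_text):
    """Return (section, reasons, body) for entries worth a manual look."""
    findings = []
    for section, body in parse(log_text):
        low = body.lower()
        reasons = []
        if ORPHAN_RE.search(low):
            reasons.append("orphaned: target file is gone")
        if section == "O4" and "rundll32" in low and PROFILE_DIR in low:
            reasons.append("autorun DLL loaded from a user profile")
        if section == "O16" and "http://" in low:
            reasons.append("ActiveX install source over plain HTTP")
        if reasons:
            findings.append((section, reasons, body))
    return findings


if __name__ == "__main__":
    for section, reasons, body in triage(SAMPLE_LOG):
        print(f"{section}: {'; '.join(reasons)}\n    {body}")
```

A flagged entry is a prompt for manual review, not a verdict: the benign Run entry passes untouched, and the decision to fix each flagged line still rests with the helper reading the full log.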
 
here are the results

thanks bobbye and momok.
bobbye, I went through all of your steps but my settings were just like what you asked me to change them to.
momok here is the new log. the only problem I had was deleting the second folder that you mentioned. I was told that I can't delete the file because it might be in use etc...
 

Chip, since it's been two weeks since you started this thread, can you fill us in on what problems you are currently experiencing?
 
sure. as a matter of fact, right now it seems that there are no known problems. could it be that everything was fixed?
 
Well, you're almost through, but we need to remove a few entries in HJT:

The way it reads now, you are instructing the system to use a Proxy Server. But at the same time, you are telling it to override the Proxy Server. There is also a page coming up "Blank." This is okay if you have intentionally set a homepage to display blank, but if you have not, then it needs to be removed.

So one last time:
Reopen HijackThis to 'do system scan only'. Check each of the entries below:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

If your ISP requires you to use a Proxy Server, leave the following. If not, check it.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :

If you want the MAN connection to override the Proxy Server, leave the following. If not, check it.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local


Close all Windows except HijackThis. Click on "Fix Checked".

Run the following online scan: Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesn't work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)
---------------------
If you are unable to run the ActiveX Antivirus Scanners, let's try this Java based solution from Trend Micro.

If the scan is clean and there are no more problems, I'll instruct you in removing all the cleaning tools and set new restore points.

Almost through!
 
hi bobbye,
i removed the first three entries. about the other two i have no idea what the answers to your "if" questions are so i didn't touch them.
none of the scans succeeded on my internet explorer (including the java one). i tried the trend micro scanner (house call) with firefox and the results are that it did not find any threats. no log was given so i hope i did this step correctly.
 
Chip, I know this has been a long thread for you. You can have HijackThis remove the 2 "if" entries.

I am concerned about your comment that none of the scans succeeded on IE. Can you clarify which scan you're referring to? The Kaspersky scan does not require you to use IE.

If the AV scan is clean and the original problems have been resolved, you can remove the cleaning tools:
Remove all of the tools we used and the files and folders they created
  • Download OTCleanIt by OldTimer
  • Save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.



You should now set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:
  • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one. More details and screenshots for Disk Cleanup in Windows Vista can be found here.

If I can be of further help, please let me know.
 
Thanks Bobbye for sticking with me.
i fixed the two entries with hjt.
about the scans, the kaspersky only had an option to scan a specific file. i couldn't find a complete online scan. the one that did work was the last one (java based) that you linked to and only in firefox. when i used internet explorer, pressing the scan button just left me stuck with a blank page (part of the page). [i don't remember if you were already or if this is related to the problem but i have these problems with ie in other cases such as sending forms, watching embedded movies and even using the buttons in this very forum.]
now i'll move on to the cleanup.

ok, i think this is it, i made a new restore point and cleaned up the old ones.
thanks again, bobbye.
about your kind offer, i do have a question but it's not about viruses. is it possible to install a new and legal windows xp over an old one (which apparently wasn't legal and is giving me a headache) without losing all of my settings, mail and other important files?
 
Chip, do you mean to tell me we've been working on a pirated OS!?

If it's another machine, I would think you should do a clean install, not over a pirated OS.
 