If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#16
|
|||
|
|||
My point exactly. I ask them to post it because I want to see it and help
them. The other posts ran her off and made her more confused, how is that helping? I have been watching this thread and stayed out it for a while just to see what happens. Those other MVP's and trolls would rather criticize me and confuse the user, like they did, rather then help because they don't want to see a hjt log. It's just stupid childish behavior. -- The best live web video on the internet http://www.seedsv.com/webdemo.htm NEW Embedded system W/Linux. We now sell DVR cards. See it all at http://www.seedsv.com/products.htm Sharpvision simply the best http://www.seedsv.com "Shenan Stanley" wrote in message ... pcbutts1 wrote: Sorry Email won't work. I get way too many hjt logs in email so they get stripped off and deleted. You have to use this group or post it over at news:24hoursupport.helpdesk they are more civilized in that group and know the importance of hjt. snip Actually - "civilized" has nothing to do with it. While I could care less if someone posts there HJT log here, I will not quote it when responding to the person nor will I argue with those who request that the logs get posted in a forum more suited to it (such as a HJT specific forum.) The reasoning is simple: The people in an HJT forum are there to answer questions related to the HJT product and want to see those logs. The people here in "microsoft.public.windowsxp.configuration_mana ge" and "microsoft.public.windowsxp.help_and_support" are here to answer questions on Windows XP product and may not care to see logs that have no meaning to them (possibly - I know many "experts" in Windows XP that wouldn't know what the HJT log was without a little thought and research.) Freespirit can post what she wants here and if this is where you would prefer to have her post it and you are the one helping her - so be it - I do not have a problem with that and actually would encourage it.. But I would not call the groups "uncivilized" because some here would prefer not to see multipage logs posted on a group not frequented (necessarily) by the experts in reading and interpreting those logs. Hopefully some of the instructions I posted in another thread with her will rid her of this plague she has on her machine and we can actually get about making it fully functional again - if not - I welcome her logs here for you to peruse and interpret! -- Shenan Stanley MS-MVP -- How To Ask Questions The Smart Way http://www.catb.org/~esr/faqs/smart-questions.html |
Ads |
#17
|
|||
|
|||
Hi,
Try this too. http://research.sunbelt-software.com...loader.BHO.req ---==X={}=X==--- Jim Self AVIATION ANIMATION, the internet's largest depository. http://avanimation.avsupport.com Your only internet source for spiral staircase plans. http://jself.com/stair/Stair.htm Experimental Aircraft Association (EAA) Technical Counselor |
#18
|
|||
|
|||
"Shenan Stanley" wrote in message ... Shenan Stanley wrote: Hopefully some of the instructions I posted in another thread with her will rid her of this plague she has on her machine and we can actually get about making it fully functional again - if not - I welcome her logs here for you to peruse and interpret! ~ FreeSpirit ~ wrote: I have a question about the names of the dlls that get deleted. Snips from the post: O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\ddayx.dll (The DLL may have a different name.) O20 - Winlogon Notify: ddayx - C:\WINDOWS\system32\ddayx.dll (The DLL may have a different name.) - Next double click on explorer.exe and again click once on each instance of ddayx.dll (remember - could be named something else) then click the kill button. - After you have killed all of the ddayx.dll's (or whatever it is named - it will be the unusually named DLL) under winlogon click OK. How would I know what names if they're different? Do I just delete the dlls I will see there? For example there are no ddayx.dlls on my machine. Make a list - post them here - then we can look over them. ===================== It was no problem getting to the list via SafeMode/opening the "download process Explorer" and finding the thread window. But the names there are nothing like the ddaxy.dll or the one MSAS found = pmkhh.dll. They all looked legitimate such as: xmlmfc.dll+02x218e7 .... Winmm.dllPlaySound RPCRT4.dll ntdll.dll Rt.Queue winlogon.exe+0x ..... And a few more that are similar. This Trojan seems to have 5 plain low-case letters - these look different. There were more but you can't cut and past from there. There were 3 others that had changing numbers in front of them as I watched. Processor use maybe??!?! Also when making the reg.backup. When I removed the carrots it changed the format a bit. Was I supposed to leave the carrots when C&Ping to notepad? Since nothing looked like the 5 low-case letter Trojan's dlls I didn't delete any of them. Where can we get more information on what to delete there? FS ~ -- Shenan Stanley MS-MVP -- How To Ask Questions The Smart Way http://www.catb.org/~esr/faqs/smart-questions.html |
#19
|
|||
|
|||
"pcbutts1" wrote in message
. .. My point exactly. I ask them to post it because I want to see it and help them. The other posts ran her off and made her more confused, how is that helping? I have been watching this thread and stayed out it for a while just to see what happens. Those other MVP's and trolls would rather criticize me and confuse the user, like they did, rather then help because they don't want to see a hjt log. It's just stupid childish behavior. I don't think it's possible to get more confused than she already is. People like her are exactly why HJT logs shouldn't be posted here. There are too many people that don't what they are doing that will post a reply and only cause her more problems. There are no moderators to remove the posts that may be wrong. If you have followed the threads in the many newsgroups she has posted to you can see that she will try any and every suggestion she gets. The wrong suggestion with HJT and she may have a system that doesn't work, although it seems like that's what she already has :-) Kerry |
#20
|
|||
|
|||
So what's next? just forget about her and her problems because people are
scared of hjt logs. That's GREAT help. this group is AWESOME! -- The best live web video on the internet http://www.seedsv.com/webdemo.htm NEW Embedded system W/Linux. We now sell DVR cards. See it all at http://www.seedsv.com/products.htm Sharpvision simply the best http://www.seedsv.com "Kerry Brown" *a*m wrote in message ... "pcbutts1" wrote in message . .. My point exactly. I ask them to post it because I want to see it and help them. The other posts ran her off and made her more confused, how is that helping? I have been watching this thread and stayed out it for a while just to see what happens. Those other MVP's and trolls would rather criticize me and confuse the user, like they did, rather then help because they don't want to see a hjt log. It's just stupid childish behavior. I don't think it's possible to get more confused than she already is. People like her are exactly why HJT logs shouldn't be posted here. There are too many people that don't what they are doing that will post a reply and only cause her more problems. There are no moderators to remove the posts that may be wrong. If you have followed the threads in the many newsgroups she has posted to you can see that she will try any and every suggestion she gets. The wrong suggestion with HJT and she may have a system that doesn't work, although it seems like that's what she already has :-) Kerry |
#21
|
|||
|
|||
FYI she downloaded hjt from a trusted source and got version 1.97.7 Anymore
bright ideas Leythos. I'm still waiting for those emails proving I don't have permission to do what I do. -- The best live web video on the internet http://www.seedsv.com/webdemo.htm NEW Embedded system W/Linux. We now sell DVR cards. See it all at http://www.seedsv.com/products.htm Sharpvision simply the best http://www.seedsv.com "Leythos" wrote in message ... In article , pcbutts1 @seedsv.com says... It's just stupid childish behavior. No, stupid and childish is going against the groups norms for posting and for linking other peoples works/products in your posts. Childish and stupid is downloading other peoples works and products to your own website instead of posting links to the vendors site for people to download from a "trusted" source and where they can read about the products. All of us are more than willing to help, but most of us are mature enough to not suggest people download unproven software from an unknown site when the software is just as easily available from the vendors own site. Also, we don't ask people to post HUGE logs or binaries here as it's not the proper place for it - not to mention all the idiots that quote the entire HJ log when they reply. None of us Object to HJ logs posted in the groups that approve of it. -- remove 999 in order to email me |
#22
|
|||
|
|||
"PA20Pilot" wrote in message ... Hi, Try this too. http://research.sunbelt-software.com...loader.BHO.req ========================================= This one claims to remove it but didn't even see it. It did find a few others though. FS~ |
#23
|
|||
|
|||
"Leythos" wrote in message ... In article , pcbutts1 @seedsv.com says... So what's next? just forget about her and her problems because people are scared of hjt logs. That's GREAT help. this group is AWESOME! If you were to stop the BS the thread would be a lot smaller and more help would be available. ==================== After all the help I recieved here and all the problems I've had in the past few weeks, I believe this Trojan is GONE. I combining all the information from *all of you* I tried a few things I picked up here and there..... First I unchecked System Restore and rebooted. I removed the registry KEY for this Trojan. I emptied not only the temporary Internet files but the Temp files once again, plus HISTORY and all the cookies. In HJThis I told it to delete the line containing the pmkhh.dll. In MSAS I clicked on delete (the Trojan) - it said it did. Another reboot..... NO TROJAN!!! Could it be this easy? I rebooted again. No Trojan. Was it hiding in the Restore Files? In the Temp File? Now,... despite running about 7 Antispyware programs there still seems to be spyware somewhere because everytime I try to use I.E. I'm redirected to another site. This one hxxp://www.vipfares.com/new/index.php?aid=vm_fm_vipfares&lid and others. Trying to get the next critical patches from MS still does not work but the SP2 warning bar does not appear. I get the same MS message: The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem. For self-help options: Frequently Asked Questions Find Solutions Windows Update Newsgroup The search Window there rejects everything I type in to try and get help. It accepts no word or phrase so I gave up on it. Now guys (and ladies) how do I get my critical updates? Or should I give up and perhaps use Mazilla or Netscape for a browser. I.E. seems wide open to these infestations. As we can see, the Anti-Spyware programs out there are not doing the job of finding these things - there are simply too many in the wild. As hard as I've looked I can't find any scum-ware now on this PC that can be redirecting me to these weird websites unless one of these recommended anti-spyware programs came with GASP another Trojan! :-O FS~ |
#24
|
|||
|
|||
"pcbutts1" wrote in message
. .. So what's next? just forget about her and her problems because people are scared of hjt logs. That's GREAT help. this group is AWESOME! I don't think anyone here is afraid of HJT logs. There are many expert users of HJT on the MS newsgroups. If you read my last post to her I pointed out an appropriate forum and told her to come back here once she was finished there if she was still having problems. Unfortunately she couldn't figure out how to use the forum. As she is receiving some excellent help from Shenan Stanley I decided to leave well enough alone for now. Kerry |
#25
|
|||
|
|||
"~ FreeSpirit ~" wrote in message
... After all the help I recieved here and all the problems I've had in the past few weeks, I believe this Trojan is GONE. I combining all the information from *all of you* I tried a few things I picked up here and there..... First I unchecked System Restore and rebooted. I removed the registry KEY for this Trojan. I emptied not only the temporary Internet files but the Temp files once again, plus HISTORY and all the cookies. In HJThis I told it to delete the line containing the pmkhh.dll. In MSAS I clicked on delete (the Trojan) - it said it did. Another reboot..... NO TROJAN!!! Could it be this easy? I rebooted again. No Trojan. Was it hiding in the Restore Files? In the Temp File? Now,... despite running about 7 Antispyware programs there still seems to be spyware somewhere because everytime I try to use I.E. I'm redirected to another site. This one hxxp://www.vipfares.com/new/index.php?aid=vm_fm_vipfares&lid and others. snip As hard as I've looked I can't find any scum-ware now on this PC that can be redirecting me to these weird websites unless one of these recommended anti-spyware programs came with GASP another Trojan! :-O In MSAS go into Advanced Tools == System Explorers == IE Settings == Restore all IE default settings. Exit MSAS, reboot the computer, and see if the settings have changed back to the web site you mentioned. If they have then you still have some spyware running. Kerry |
#26
|
|||
|
|||
~ FreeSpirit ~ wrote:
After all the help I recieved here and all the problems I've had in the past few weeks, I believe this Trojan is GONE. I combining all the information from *all of you* I tried a few things I picked up here and there..... First I unchecked System Restore and rebooted. I removed the registry KEY for this Trojan. I emptied not only the temporary Internet files but the Temp files once again, plus HISTORY and all the cookies. In HJThis I told it to delete the line containing the pmkhh.dll. In MSAS I clicked on delete (the Trojan) - it said it did. Another reboot..... NO TROJAN!!! Could it be this easy? I rebooted again. No Trojan. Was it hiding in the Restore Files? In the Temp File? Now,... despite running about 7 Antispyware programs there still seems to be spyware somewhere because everytime I try to use I.E. I'm redirected to another site. This one hxxp://www.vipfares.com/new/index.php?aid=vm_fm_vipfares&lid and others. Trying to get the next critical patches from MS still does not work but the SP2 warning bar does not appear. I get the same MS message: The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem. For self-help options: Frequently Asked Questions Find Solutions Windows Update Newsgroup The search Window there rejects everything I type in to try and get help. It accepts no word or phrase so I gave up on it. Now guys (and ladies) how do I get my critical updates? Or should I give up and perhaps use Mazilla or Netscape for a browser. I.E. seems wide open to these infestations. As we can see, the Anti-Spyware programs out there are not doing the job of finding these things - there are simply too many in the wild. As hard as I've looked I can't find any scum-ware now on this PC that can be redirecting me to these weird websites unless one of these recommended anti-spyware programs came with GASP another Trojan! :-O FreeSpirit.. Rerun HJT - email me the log. An attachment text file is fine. You can alos cut/paste all the text into the message body if that is easier for you. My reply-to email will work. As for everything else - keep it in this thread. Although using an alternative browser for your everyday browsing is a great idea (Firefox is a fantastic thing..) - you have to use Internet Explorer on some sites - so we need to get that fixed. =) You could use Automatic Updates for your Windows Updates - but with all the trouble you have with the system now - manual intervention (after some training) may be better. (The training - you've received over the last few weeks! hah) Let me ask you this.. Can you - in IE - get to: http://www.microsoft.com/technet/sec.../ms05-aug.mspx If so, can you then expand the: (+) Critical (3) Section? (Click on the plus sign on the page.) If so, can you then click on the words in that section: "Cumulative Security Update for Internet Explorer (896727)"? That should take you to the following page: http://www.microsoft.com/technet/sec.../MS05-038.mspx Does it? If so, can you scroll down the new page and find the line that reads: "Internet Explorer 6 for Microsoft Windows XP Service Pack 2 - Download the update" and then click on the words "Download the update" in that line? This should take you to another web page, particularly this one: http://www.microsoft.com/downloads/d...displaylang=en ( Shorter Link: http://snipurl.com/h9oi ) Can you then click on the "Download" button and describe what happens? If you get a chance to install an alternative browser - I suggest Firefox HIGHLY. Install it and go to the LAST page i gave above, click on DOWNLOAD there in the new browser and describe what happens then as well. -- Shenan Stanley MS-MVP -- How To Ask Questions The Smart Way http://www.catb.org/~esr/faqs/smart-questions.html |
#27
|
|||
|
|||
See my answer to your hjt log posted in the other group.
-- The best live web video on the internet http://www.seedsv.com/webdemo.htm NEW Embedded system W/Linux. We now sell DVR cards. See it all at http://www.seedsv.com/products.htm Sharpvision simply the best http://www.seedsv.com "~ FreeSpirit ~" wrote in message ... "Leythos" wrote in message ... In article , pcbutts1 @seedsv.com says... So what's next? just forget about her and her problems because people are scared of hjt logs. That's GREAT help. this group is AWESOME! If you were to stop the BS the thread would be a lot smaller and more help would be available. ==================== After all the help I recieved here and all the problems I've had in the past few weeks, I believe this Trojan is GONE. I combining all the information from *all of you* I tried a few things I picked up here and there..... First I unchecked System Restore and rebooted. I removed the registry KEY for this Trojan. I emptied not only the temporary Internet files but the Temp files once again, plus HISTORY and all the cookies. In HJThis I told it to delete the line containing the pmkhh.dll. In MSAS I clicked on delete (the Trojan) - it said it did. Another reboot..... NO TROJAN!!! Could it be this easy? I rebooted again. No Trojan. Was it hiding in the Restore Files? In the Temp File? Now,... despite running about 7 Antispyware programs there still seems to be spyware somewhere because everytime I try to use I.E. I'm redirected to another site. This one hxxp://www.vipfares.com/new/index.php?aid=vm_fm_vipfares&lid and others. Trying to get the next critical patches from MS still does not work but the SP2 warning bar does not appear. I get the same MS message: The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem. For self-help options: Frequently Asked Questions Find Solutions Windows Update Newsgroup The search Window there rejects everything I type in to try and get help. It accepts no word or phrase so I gave up on it. Now guys (and ladies) how do I get my critical updates? Or should I give up and perhaps use Mazilla or Netscape for a browser. I.E. seems wide open to these infestations. As we can see, the Anti-Spyware programs out there are not doing the job of finding these things - there are simply too many in the wild. As hard as I've looked I can't find any scum-ware now on this PC that can be redirecting me to these weird websites unless one of these recommended anti-spyware programs came with GASP another Trojan! :-O FS~ |
#28
|
|||
|
|||
"Kerry Brown" *a*m wrote in message ... "~ FreeSpirit ~" wrote in message ... After all the help I recieved here and all the problems I've had in the past few weeks, I believe this Trojan is GONE. I combining all the information from *all of you* I tried a few things I picked up here and there..... First I unchecked System Restore and rebooted. I removed the registry KEY for this Trojan. I emptied not only the temporary Internet files but the Temp files once again, plus HISTORY and all the cookies. In HJThis I told it to delete the line containing the pmkhh.dll. In MSAS I clicked on delete (the Trojan) - it said it did. Another reboot..... NO TROJAN!!! Could it be this easy? I rebooted again. No Trojan. Was it hiding in the Restore Files? In the Temp File? Now,... despite running about 7 Antispyware programs there still seems to be spyware somewhere because everytime I try to use I.E. I'm redirected to another site. This one hxxp://www.vipfares.com/new/index.php?aid=vm_fm_vipfares&lid and others. snip As hard as I've looked I can't find any scum-ware now on this PC that can be redirecting me to these weird websites unless one of these recommended anti-spyware programs came with GASP another Trojan! :-O In MSAS go into Advanced Tools == System Explorers == IE Settings == Restore all IE default settings. Exit MSAS, reboot the computer, and see if the settings have changed back to the web site you mentioned. If they have then you still have some spyware running. Kerry ========================= Thanks Kerry, I did that and an interesting thing happened - Spyware Doctor started doing strange things and suddenly I.E. was GONE!!!! GONE!!! ?!?!?! SD said some unknown "?" was trying to hijack my browser. I deleted SD and rebooted. Still no I.E. Evidently SD and MSAS are not going to get along in some areas. SD sees MSAS as a hijacker when someone does as you suggested. Then bye bye I.E. I did a system restore that I set last night when I was sure the Trojan was gone. The system restore worked flawlessly and all seems to be well now. AND - no more being hi-jacked to strange websites - so far. And I.E. is so much faster! :-))) Could SD itself have included a browser hijacker? I don't know....... :-( I do know my PC is running fine right now. So right now I have running: MSAS, CounterSpy, A-Guard and of course ZoneAlarm. I'll continue to run Spybot and Adaware weekly but have lost faith in them. I sure want to thank *ALL OF YOU* for your patience and help. :-) FS~ |
#29
|
|||
|
|||
"~ FreeSpirit ~" wrote in message
Thanks Kerry, I did that and an interesting thing happened - Spyware Doctor started doing strange things and suddenly I.E. was GONE!!!! GONE!!! ?!?!?! SD said some unknown "?" was trying to hijack my browser. I deleted SD and rebooted. Still no I.E. Evidently SD and MSAS are not going to get along in some areas. SD sees MSAS as a hijacker when someone does as you suggested. Then bye bye I.E. I did a system restore that I set last night when I was sure the Trojan was gone. The system restore worked flawlessly and all seems to be well now. AND - no more being hi-jacked to strange websites - so far. And I.E. is so much faster! :-))) Could SD itself have included a browser hijacker? I don't know....... :-( I do know my PC is running fine right now. So right now I have running: MSAS, CounterSpy, A-Guard and of course ZoneAlarm. I'll continue to run Spybot and Adaware weekly but have lost faith in them. I sure want to thank *ALL OF YOU* for your patience and help. :-) That's great glad you finally got things worked out. Personally I would only have one antispyware program running at a time. I would use the others to scan once a week or so. My personal preference would be MSAS running and use the others for scanning only. Kerry |
#30
|
|||
|
|||
"Shenan Stanley" wrote in message ... ~ FreeSpirit ~ wrote: BREVITY SNIP As hard as I've looked I can't find any scum-ware now on this PC that can be redirecting me to these weird websites unless one of these recommended anti-spyware programs came with GASP another Trojan! :-O FreeSpirit.. ============================================= Rerun HJT - email me the log. An attachment text file is fine. You can alos cut/paste all the text into the message body if that is easier for you. My reply-to email will work. ## I just sent it. As for everything else - keep it in this thread. Although using an alternative browser for your everyday browsing is a great idea (Firefox is a fantastic thing..) - you have to use Internet Explorer on some sites - so we need to get that fixed. =) ## OK. It may be fixed. See my post above. Although I still can't use the MS Windows Update Page I do have Auto-Updates turned on. I am not being hijacked to "strange" websites since using the MSAS browser restore feature and removing SpywareDoctor (there was a conflict) from my PC. You could use Automatic Updates for your Windows Updates - but with all the trouble you have with the system now - manual intervention (after some training) may be better. (The training - you've received over the last few weeks! hah) ## YES!!! I'm learning more on these NGs than I have from all the PC mags I ever read and the XP book I have. ;-) Let me ask you this.. Can you - in IE - get to: http://www.microsoft.com/technet/sec.../ms05-aug.mspx ## I got there without a problem and plan to READ everything in sight there when I'm done here on the NGs. If so, can you then expand the: (+) Critical (3) Section? (Click on the plus sign on the page.) If so, can you then click on the words in that section: "Cumulative Security Update for Internet Explorer (896727)"? That should take you to the following page: http://www.microsoft.com/technet/sec.../MS05-038.mspx Does it? ## Yes. No problem...... If so, can you scroll down the new page and find the line that reads: "Internet Explorer 6 for Microsoft Windows XP Service Pack 2 - Download the update" and then click on the words "Download the update" in that line? This should take you to another web page, particularly this one: http://www.microsoft.com/downloads/d...displaylang=en ( Shorter Link: http://snipurl.com/h9oi ) Can you then click on the "Download" button and describe what happens? ## I did, I downloaded the patch there - but it can't be installed. I get this error: Setup Error: "The System Cannot Find The File Specified." - Installation did not complete. If you get a chance to install an alternative browser - I suggest Firefox HIGHLY. Install it and go to the LAST page i gave above, click on DOWNLOAD there in the new browser and describe what happens then as well. ## Wait a minute.... the last page you gave me is http://snipurl.com/h9oi - there is no download for Firefox there?!?!?! What do you mean? You lost me.......... FS~ -- Shenan Stanley MS-MVP -- How To Ask Questions The Smart Way http://www.catb.org/~esr/faqs/smart-questions.html |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
explorer only works if I rename it | Dave Sell | General XP issues or comments | 7 | June 3rd 05 01:33 PM |
Questions, Questions, a Trojan and a Chocolate Bar | Sandal | Windows XP Help and Support | 7 | May 30th 05 05:48 PM |
Trojan horse - TR/startpage.qr.dll | The Aussie Girl | Windows XP Help and Support | 7 | March 11th 05 02:49 AM |
Peper Trojan | Patty | General XP issues or comments | 3 | September 28th 04 03:13 PM |
Trojan and other problems. | RC | Windows XP Help and Support | 3 | July 27th 04 06:22 AM |