tman70

Everything posted by tman70

  1. sari Should I power down the cable modem also? Tman70
  2. sari Comcast is our ISP. His computer is not networked. We are both connected through the same 4 port router. Linksys model #BEFSR41 ver.2. We can access our respective PayPal accounts from my computer as it has the PayPal certificate. His computer still has the snakeoil.dom certificate. Is there any other information you need? Tman70
  3. Sari Here are the main.txt and extra.txt files Thanks for all your help. main.txt Deckard's System Scanner v20070711.54 Run by Owner on 2007-07-18 at 14:29:18 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- System Restore is disabled; attempting to re-enable...success. -- Last 1 Restore Point(s) -- 1: 2007-07-18 20:29:31 UTC - RP1 - System Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Owner.exe) ----------------------
  4. sari Here is the file from the GMER program. GMER 1.0.13.12551 - http://www.gmer.net Rootkit scan 2007-07-18 11:55:53 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.13 ---- SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F738C812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F738C812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs
  5. Pete I will do that when we get it cleaned. I intend to update everything that needs it. I intend to later remove a lot of Compaq bundled junk that he doesn't need. I have gone to IE options\contents and tried to find the snakeoil certificate, but cannot find it in: certificates publishers intermediate certification authorities trusted root certification authorities. I have clicked the clear SSL State button, but the snakeoil cert. is still there. How do I remove it when I can't find it?
  6. shanenin, My host file is the same as yours. Copyright © 1993-1999 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example:
  7. Sari Thank you for explaining. I thought that was the reason, but was not sure. I don't know what my son deleted when he started having problems. He goes on to work and lets me figure out how to correct the problems. LOL The original PayPal page will come up with the lock at the lower right bottom. However when you click a link it takes you to a log in page without the lock. The certificate for PayPal is still snakeoil.dom. I ran a Kaspersky scan yesterday and it says the only virus he has is: Smitfraudfix\reboot.exe (which we know what that is) and c\hp\bin\killwind.exe (which is a compaq prog
  8. I am going to suggest you try the Kaspersky online scanner http://www.kaspersky.com/virusscanner Click on the thing with the magnifying glass at upper left. It will only identify (not remove) the infection but it will help the guys in the security and hijack forum to help you. Hi Pete. Thanks for the advice. I had run Kaspersky scan after I had posted the HJT log. All it found was killwind.exe which is a compaq bundled program that lets them access the computer remotely. Since the computer is not under warranty I'll remove it later. I did run the scan again just now and all it found was Sm
  9. Sari I did the first steps and then went to c drive. There is nothing showing in the folder and if I right click and send to compressed folder it says the folder is empty and can not be archived. In the left hand panel the detail panel says " attribute:hidden". What should I do now?
  10. Sari, Here is the combo scan and HJT scan. "Owner" - 2007-07-13 12:07:27 - ComboFix 07-07-13.8 - Service Pack 2 NTFS ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\aimsmx.dll C:\WINDOWS\system32\aosmx.dll C:\WINDOWS\system32\gtalsmx.dll C:\WINDOWS\system32\pfxzmtaim.dll C:\WINDOWS\system32\pfxzmtgtal.dll C:\WINDOWS\system32\pfxzmticq.dll C:\WINDOWS\system32\pfxzmtymsg.dll C:\WINDOWS\system32\sfxzmtforum.dll C:\WINDOWS\system32\sfxzmtsmt.dll C:\WINDOWS\system32\sfxzmtsmtspm.dll C:\WINDOWS\system32\sfxzmtwbmail
  11. Hello Sari, Here is the file. SmitFraudFix v2.203 Scan done at 18:10:35.70, Thu 07/12/2007 Run from C:\Documents and Settings\Owner\Desktop\smitfraudfix\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Softw
  12. Thanks TT_75. I'll try to keep him from using it until I can get some help.
  13. I tried that and did not see anything relating to "snakeoil". I did click on the clear the SSL State button. I was able to try the paypal site using the https:// and got the snakeoil cert. warning me the site was fraudulent, but did not see anything to help me locate it. The only name in it is snakeoil. This is what the certificate says: SSL Server Certificate issued to common name (cn) www.snakeoil.dom organization (o) Snake Oil.LTD organization unit (ou) webserver team serial number 01 issued by common name (cn) Snake Oil ca organization (o) Snake Oil.LTD organization unit (ou) Certificate
  14. I want to put the files on the HD in Text form and then burn them to cd as it gets too expensive to print and mail 100 plus files on just one individual. All other settings give me either an unformatted page or an inaccurate page. I did add ms word to the scanner program, but it still does not scan as an accurate page. Some names and words have other characters instead. Have you tried looking for an update for the scanner? Go to its web site and look for a download to update it. This is my son's computer. I have the latest drivers installed. I did that when I changed everything from W98se to
  15. My son has a Compaq Presario sr1012nx running Wxp home. He cannot open PayPal. No links work. The only thing that works is the logon link and it tells him he has to resend all his information. Thankfully he knew better. If we use https and click a link it takes us back to the scam page. Have run Trend micro online scan, adaware, spybot and avast, all updated, and found nothing. Is there anything in the HijackThis log? Logfile of HijackThis v1.99.1 Scan saved at 7:40:50 AM, on 7/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running proce
  16. If he clicks on a link on the site it does nothing. If he logs in it asks for all his information. If we use https:\\ instead of http:\\ it says that the certificate is fraudulent. He can access Paypal from my computer without any problems. Does this help?
  17. My son's PayPal account cannot be accessed on his computer because of snakeoil.dom. I have run updated spybot, adaware and avast, but it is still there. I have run HijackThis but do not see anything by that name. Do I need a special tool to remove it?
  18. I want to put the files on the HD in Text form and then burn them to cd as it gets too expensive to print and mail 100 plus files on just one individual. All other settings give me either an unformatted page or an inaccurate page. I did add ms word to the scanner program, but it still does not scan as an accurate page. Some names and words have other characters instead.
  19. Several years ago, before I had my own computer, I used the library for Genealogy research and printing. All printing was free at that time. I have about 100 plus pages of Genealogy on one family member that I wish to give to someone. Rather than spend time and money on printing and mailing all the files, I wanted to put them on a cd so they could use ms word or whatever to open them. I have a Lexmark x75 all in one printer-scanner with WXP. I tried scanning the files and ran into a problem. I can only save the files, mistake free, in jpeg form. I have tried other settings, notepad-wordpad, b
  20. I finally got it fixed. After trying everything else I went back to the first thing I had googled but was afraid to try. I made an xp boot.ini floppy. I formatted a floppy using this HD that has XP Home on it. Then I copied the two files NTDETECT AND NTLDR from the xp cd to the floppy. Then I went to the boot.ini on this HD and named & copied it to MY Docs and then copied it to the floppy. Then I removed this HD and put the other one in as master and reset bios to boot from the A drive. I rebooted and it recognized my monitor and booted up. Now after shutting down and rebooting several time
  21. Thanks, I thought that was the way it was. This HD had 98se on it when I installed xp home over it. Should I install 98se on the other HD and install the nvidia driver and then install xp home over it or is that a waste of time?
  22. How do I determine if I have onboard video? I don't see anything in Device driver.
  23. I have tried removing it three times and when I reboot it still shows in Device Manager. I have no yellow exclamation marks in Device Manager. But it still does not register in Display Property. I have copied the Nvidia file from this HD to a floppy and installed it on the other HD, but that did not help. I probably did not install it in the right place, wherever it is.
  24. Hi Liz, No. I only have the monitor, speakers, keyboard and mouse hooked up to the computer. I first installed xp home over my W98se and got it running and then used xxclone to keep a cloned copy of the HD. I kept it updated without any problems. Then I had a problem and had to use my backup, but then it went bad and I cloned it to another HD which I am using now. I cannot get it to clone to another HD. That is why I am trying to do a clean install on another HD.
  25. Maxtor Powermax 4.23 advance test says it is good. I think it is my Nvidia driver. In checking closer on this drive I see that in Display Prop., settings, advance, adapter information all the information is there. On the other HD when I go there it is not listed even though device manager says it is ok. I will remove it again in device manager and see if it will reinstall. Uninstalled it, but still will not install completely.