ken545

Trusted Malware Techs
  • Content Count

    292
Everything posted by ken545

  1. Awong, I posted back at Safer to have you run a couple more scans. I was hoping here at the PIT they would run you through a test to check the health of your hard drive and go from there. Let's see if the scans found anything and if not then we can post back here.
  2. Glad things are running better for you and we could help, Regards, ken
  3. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
  4. Sorry for the delay, missed the email notification that you replied. Yes, go ahead and clean out the Recycle Bin.
     Open OTL and click on Clean Up and it will remove most of the tools we used to clean your system along with their backups.
     How did I get infected in the first place? Read these links and find out how to prevent getting infected again.
     Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
     WhattheTech Grinler BleepingComputer GeeksTo Go Dslreports
     Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community:
       • Spybot Search and Destroy 1.6: Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.
       • WinPatrol: Keep this fine program activated to block a lot of threats.
       • Spyware Blaster: It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
       • Spyware Guard: It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.
       • IE-Spyad: IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
       • Firefox 3: It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.
     Safe Surfn
     Ken
  5. Hi, Let's delete these two files, but leave them in the Recycle Bin, reboot and make sure there is no problem. If there is, then you can restore them. I am sure they're not good.
       C:\WINDOWS\Xhekoful.dat
       C:\WINDOWS\Mpemabowinewunoz.bin
     The two entries that ESET found were just backups of what Combofix removed, we will clean all that out in a bit also. Let me know how it went with those two files.
  6. Just curious about these two files.
     Please download SystemLook from one of the links below and save it to your Desktop.
     Download Mirror #1 Download Mirror #2
       • Double-click SystemLook.exe to run it.
       • Copy the content of the following codebox into the main textfield:
           :file
           C:\WINDOWS\Xhekoful.dat
           C:\WINDOWS\Mpemabowinewunoz.bin
       • Click the Look button to start the scan.
       • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
     Note: The log can also be found on your Desktop entitled SystemLook.txt
     Please run this free online virus scanner from ESET.
     Note: You will need to use Internet Explorer for this scan.
       • Tick the box next to YES, I accept the Terms of Use.
       • Click Start
       • When asked, allow the ActiveX control to install
       • Click Start
       • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
       • Click Scan
       • Wait for the scan to finish
       • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
       • Copy and paste that log as a reply to this topic
  7. Orbit, I am still looking at those P2P (File Sharing Programs) on your system. I strongly urge you to uninstall them. You're downloading that file from an unknown source, malware writers are in tune to this and it has become one of the latest ways to infect your computer.
     Why don't you run this program, it's a quick scan, and let me take one more final look.
     OTL by OldTimer
       • Download OTL to your desktop.
       • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
       • When the window appears, underneath Output at the top change it to Minimal Output.
       • Check the boxes beside LOP Check and Purity Check.
       • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
       • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
         Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
       • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
  8. Well, logs look ok, how are things running now?
  9. Hi Orbit, Your CF log looks fine. Reboot and see if AVG keeps flagging that file. I don't see it anywhere on your log, it may be gone or in quarantine.
     Download and Run SystemLook
     Please download SystemLook from one of the links below and save it to your Desktop.
     Download Mirror #1 Download Mirror #2
       • Double-click SystemLook.exe to run it.
       • Copy the content of the following codebox into the main textfield:
           :filefind
           ahicenay.dll
       • Click the Look button to start the scan.
       • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
     Note: The log can also be found on your Desktop entitled SystemLook.txt
  10. Go ahead and run Combofix with this new script:
        DDS::
        uWinlogon: Shell=c:\documents and settings\eric\application data\hotfix.exe
        TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
        File::
        c:\documents and settings\eric\application data\hotfix.exe
        c:\windows\ahicenay.dll
      There is one more I want to check but we can do that later.
  11. Good Morning Orbit, These two:
        c:\windows\wfctfoc.dll <-- This file
        c:\windows\ahicenay.dll <-- This file
  12. Hi, Still looking at some markers in your log for ThinkPoint.
      You need to enable Windows to show all files and folders, instructions Here
      Go to VirusTotal and submit these files for analysis, just use the BROWSE feature and then Send File, you will get a report back, post the report into this thread for me to see. If the site says this file has already been checked, have them check it again.
        c:\windows\wfctfoc.dll
        c:\windows\ahicenay.dll
      If the site is busy you can try this one: http://virusscan.jotti.org/en
      Drag Combofix to the trash and download a fresh copy.
      Download ComboFix from one of these locations: Link 1 Link 2
      * IMPORTANT !!! Save ComboFix.exe to your Desktop
      Open Notepad: go to Start> All Programs> Accessories> Notepad ( this will only work with Notepad ) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above DDS::
        DDS::
        uWinlogon: Shell=c:\documents and settings\eric\application data\hotfix.exe
        TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
        File::
        c:\documents and settings\eric\application data\hotfix.exe
      Save this as CFScript to your desktop.
      Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
      This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
      There are still a few more things to check, just don't want to overwhelm you.
  13. Hello breakingorbit, JonTom is away and I will be helping you, please post the new DDS log, your wife's account will be fine.
  14. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
  15. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
  16. jpb4999 Sorry about that, followed the wrong link. Conspire will be along shortly
  17. Hello, You can check these settings. Open Internet Explorer and go to Tools> Internet Options> Advanced Tab and under the Multimedia entry do this:
        Show Image Download Place Holders <--- Uncheck this
        Show Pictures <--- Check this
      Apply> OK
      Close IE
      Reboot and see if it fixed it
  18. Your Maxtor drive is running as a service in the background, there is nothing wrong with that. This forum is for malware removal and your log is fine. I would suggest going to our site and running the full tests, they're free.
      PcPitStop <-- You can take your system in for a checkup here.
      Then you can post the results here and someone in that forum can guide you.
      User to User Help
      Ken
  19. Due to lack of response this topic will be closed, if you still need help start a new topic.
  20. Hey Glen, Go ahead and remove these, not sure but they could be preventing you from switching Google accounts, they're restricting Internet Explorer from some functions:
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
      You can always restore whatever you remove with HJT if it causes issues.
      To restore the backups:
        • Open HiJackThis
        • Click on "View the list of Backups"
        • Place a check mark next to anything you want to restore
        • Click Restore
        • Click Yes
        • Reboot your computer
      Here is some info about switching users with Google: http://googlesystem.blogspot.com/2008/01/s...l-accounts.html
      You should be able to plug the usb camera cable in when the computer is running and it will be recognized.
      Let's see if you're missing any system files.
      Depending on how your manufacturer set up your system, you may or may not need the Windows XP CD. If you have an I386 folder on your C:\ drive you may not need the disk.
        • Click Start>Run
        • Type in sfc /scannow, hit Enter.
      Note: there is a space between sfc and /scannow
      This should replace any corrupted/missing system files and will hopefully fix things.
  21. Hello Glen, Juliet is just fine, she should be back in a few days.
      Remove these with HJT:
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      If you set these then leave them be, otherwise fix them:
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
      Do you have a wireless mouse and keyboard? Batteries may need replacing. If not, sometimes the keyboards give out in time, you may want to try replacing it, they're not very expensive.
      Not sure what you have done for Gmail, are you using two accounts and trying to switch between them? If not and you are not using one you need to go into the Gmail account you don't want and delete it.
      http://www.google.com/support/accounts/bin...mp;answer=61177
      For your Maxtor Drive, it's in the background running as a service using system resources, you don't have to remove or uninstall it but we can change the startup type to Manual.
      Go to Start> Run and type this in: services.msc and click on OK
      These will be alphabetical, right click on each one and go to properties and in the startup type, change it to Manual. OK your way out.
        MaxBackServiceInt
        MaxSyncService
      You can bypass your camera card, just plug your camera right into your computer via the USB Cable and turn the camera on ( not to take pictures but to view them ). Then go to My Computer, you should see your camera as a Removable Drive, click on it to open and go to the DCIM folder and your pictures should be in there.
      Let me know if any of this helped you out?
  22. glenmit1, How are ya doing? Juliet had a bit of an accident and will be offline for a few days. We wish her well and hope she will be back soon.
      Spysweeper is a great program, I installed it myself last year on an XP Home system and noticed that it seemed to make my system sluggish, it was just the trial so I uninstalled it and things came back to normal.
      As far as Maxtor, I have one myself but just turn it on when I need it, you have it running as a service, do you do regular backups or just now and then?
      Please download ATF Cleaner by Atribune to your desktop. This program is for XP and Windows 2000 only.
        • Double-click ATF-Cleaner.exe to run the program.
        • Under Main choose: Select All
        • Click the Empty Selected button.
      Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up.
      Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.
      Have you run the system defragmenter lately?
      Go to Start> All Programs> Accessories> System Tools> Defragmenter
      Highlight your C:\ Drive and let her rip, if you have not run this before it could take awhile.
      Let me know if any of this helped?
  23. This thread is being closed due to lack of response, if you still have issues then start a New Topic
  24. Since this issue appears resolved this thread will be closed, if you have issues in the future just start a New Topic. Thanks for using PcPitStop
  25. You're very welcome. Take care, Ken