Jump to content

thatman

Trusted Malware Techs
  • Content Count

    128
  • Joined

  • Last visited

Everything posted by thatman

  1. Hi UndertakerPOH No I dont think there is. I never put file's in temp folder I need to keep. I allways delete all temp file's from my system, temp file's is a place where the malware is loaded to in most case's. Kc
  2. Hi UndertakerPOH Run killbox and click the radio button that says Delete a file on reboot. C:\WINDOWS\jopen32.dll Reboot the system as normal Please run the following free, online virus scans. http://www.pandasoftware.com/activescan/co...n_principal.htm Please post the logs From Panda and HJT.log. Kc Got a new computer
  3. Hi CD_Random Sorry for the delay in replying to your post If you are still in need of help please post a new HijackThis.'log Thank you Kc
  4. Hi MrHappyGoLucky12 Please read through the instructions before you start (you may want to print this out). Please set your system to show all files; please see here if you're unsure how to do this. Please download and install AD-Aware se. Click Here on how setup and use it - please make sure you update it first. Don't run yet. Download Pocket Killbox and unzip it; save it to your Desktop. We may need it later. Download Ewido Trojan’s and malware remover http://www.ewido.net/en/download/ This setup contains the free as well as the plus-version of the ewido security suite. After the installation, a free 14-day test version containing all the extensions of the plus-version will be activated. At the end of the test phase, the extensions of the plus version are deactivated and the freeware version can be used unlimited times. The purchased license code of the plus version can be entered at any time. Ewido will auto-udate. Don't run yet Reboot into Safe Mode: please see here if you are not sure how to do this. Run Ewido full scan. Save the scan.log. Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch and delete all the files in that folder. Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items: O2 - BHO: (no name) - {90749428-029C-2C13-CBF9-5550D68876B1} - C:\WINDOWS\system32\unvujpke.dll O4 - HKCU\..\Run: [iinl] C:\Program Files\sami\emia.exe O4 - HKCU\..\Run: [Euth] C:\WINDOWS\system32\?vchost.exe Click on Fix Checked when finished and exit HijackThis. Run Ad-aware se let remove all it finds Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove: Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it. The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes. C:\WINDOWS\system32\unvujpke.dll C:\Program Files\sami\emia.exe Let the system reboot. Please download, install and run this disk cleanup utility called Cleanup version 4.0!: http://downloads.stevengould.org/cleanup/CleanUp40.exe It will get rid of any malware which may be hiding in your temp folders ( a common hiding place). You will also regain a massive amount of disk space. Here is a tutorial which describes its usage: http://www.bleepingcomputer.com/forums/tutorial93.html Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, cleanout the prefetch folder and the recycle bin.When the scan has finnished click the close button When prompted the system will log off to let it clean out the remaining files. when the log screen shows log back on and continue the fix. Please run the following free, online virus scans. http://www.pandasoftware.com/activescan/co...n_principal.htm Please post the logs From Panda, Ewido and HJT.logWe will need them to remove previous infections that have left files on your system. Kc :thumbsup:
  5. Hi AmoLaZucca Please read through the instructions before you start (you may want to print this out). Please set your system to show all files; please see here if you're unsure how to do this. Reboot into Safe Mode: please see here if you are not sure how to do this. Use windows add remove uninstall the following programs C:\Program Files\BullsEye Network C:\Program Files\NaviSearch C:\Program Files\CashBack C:\Program Files\Cas Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items: O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\SYSTEM\NVMS.DLL (file missing) O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\SYSTEM\MSCB.DLL (file missing) O4 - HKLM\..\Run: [bullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\SYSTEM\nsvsvc\nsvsvc.exe O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE O4 - HKLM\..\RunServices: [panda cleaner] %SystemRoot%\pavdr.exe O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe" O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\PROGRAM FILES\CAS\CLIENT\CASMF.DLL Click on Fix Checked when finished and exit HijackThis. Using Windows Explorer, locate the following files/folders, and delete them: C:\Program Files\BullsEye Network<--Delete the whole folder C:\Program Files\NaviSearch<--Delete the whole folder C:\Program Files\CashBack<--Delete the whole folder C:\WINDOWS\SYSTEM\nsvsvc<--Delete the whole folder C:\WINDOWS\SYSTEM\VIDCTRL<--Delete the whole folder C:\Program Files\Cas<--Delete the whole folder Exit Explorer. Reboot as normal. Please run the following free, online virus scans. http://www.pandasoftware.com/activescan/co...n_principal.htm Please post the logs From Panda virus scan and HJT.logWe will need them to remove previous infections that have left files on your system. Kc
  6. Hi kyoshiro21 Hope you updated your windows, go to windows update Kc
  7. Hi kyoshiro21 Congratulations! Your system is CLEAN. Microsoft® Windows AntiSpyware (Beta) 2000 and XP ONLY. Please download SpyBot V1.4 http://www.majorgeeks.com/download2471.html Ad-Aware SE Personal Edition Free AdAware Tutorial Turn of system restore Disabling or enabling Windows XP System Restore WIndows ME Defrag your hard drive. Turn system restore back on and create a new restore point. Tony Klien: So how did I get infected in the first place How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use). Click Here It Prevent's the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially dangerous sites in Internet Explorer. Consumes no system resources. Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page. It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows. These next two steps are optional, but will provide the greatest protection. 1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox. http://www.mozilla.org/products/firefox/ 2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine . You can download Sun's newer JVM for Windows at http://java.sun.com/getjava/index.html. http://www.java.com/en/download/manual.jsp Windows (Offline Installation) After doing all these, your system will be thoroughly protected from future threats. Have a nice Day. Kc
  8. Night Malware you lose Kc
  9. Hi kyoshiro21 You realy need to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time. Click here: http://www.microsoft.com/windowsxp/downloa...p1/default.mspx Apply the update, reboot, and post a fresh Hijack This log. Kc
  10. Hi Korneel Congratulations! Your system is CLEAN Microsoft® Windows AntiSpyware (Beta) 2000 and XP ONLY. Please download SpyBot V1.4 http://www.majorgeeks.com/download2471.html Spybot Tutorial Disable Spybot Tutorial Winpatrol Free Ad-Aware SE Personal Edition Free AdAware Tutorial Turn of system restore Disabling or enabling Windows XP System Restore WIndows ME Defrag your hard drive. Turn system restore back on and create a new restore point. Tony Klien: So how did I get infected in the first place How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use). Click Here It Prevent's the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially dangerous sites in Internet Explorer. Consumes no system resources. Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page. It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows. These next two steps are optional, but will provide the greatest protection. 1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox. http://www.mozilla.org/products/firefox/ 2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine . You can download Sun's newer JVM for Windows at http://java.sun.com/getjava/index.html. http://www.java.com/en/download/manual.jsp Windows (Offline Installation) After doing all these, your system will be thoroughly protected from future threats. Have a nice Day. Kc
  11. Hi thatman Congratulations! Your system is CLEAN Microsoft® Windows AntiSpyware (Beta) 2000 and XP ONLY. Please download SpyBot V1.4 http://www.majorgeeks.com/download2471.html Spybot Tutorial Disable Spybot Tutorial Winpatrol Free Ad-Aware SE Personal Edition Free AdAware Tutorial Turn of system restore Disabling or enabling Windows XP System Restore WIndows ME Defrag your hard drive. Turn system restore back on and create a new restore point. Tony Klien: So how did I get infected in the first place How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use). Click Here It Prevent's the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially dangerous sites in Internet Explorer. Consumes no system resources. Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page. It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows. These next two steps are optional, but will provide the greatest protection. 1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox. http://www.mozilla.org/products/firefox/ 2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine . You can download Sun's newer JVM for Windows at http://java.sun.com/getjava/index.html. http://www.java.com/en/download/manual.jsp Windows (Offline Installation) After doing all these, your system will be thoroughly protected from future threats. Have a nice Day. Kc :thumbsup:
  12. Hi Korneel Generate a HijackThis Startup list. Open HijackThis Click Config (Bottom Right) Click 'Misc Tools' Place a checkmark in the following two boxes: - List all minor sections (Full) - List Empty Sections (Complete) Now click 'Generate StartUpList log' A standard notepad window appears. Copy and paste the entire contents in your next reply. Please uninstall ewido this is a problem with this program. Kc
  13. Hi kyoshiro21 Please read through the instructions before you start (you may want to print this out). Please set your system to show all files; please see here if you're unsure how to do this. Please download and install AD-Aware se. Check Here on how setup and use it - please make sure you update it first. Don't run yet. Download Pocket Killbox and unzip it; save it to your Desktop. We may need it later. Download Ewido Trojan’s and malware remover http://www.ewido.net/en/download/ This setup contains the free as well as the plus-version of the ewido security suite. After the installation, a free 14-day test version containing all the extensions of the plus-version will be activated. At the end of the test phase, the extensions of the plus version are deactivated and the freeware version can be used unlimited times. The purchased license code of the plus version can be entered at any time. Ewido will auto-udate. Don't run yet Reboot into Safe Mode: Please see here if you are not sure how to do this. Run Ewido full scan. Save the scan.log. Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch and delete all the files in that folder. Run Ad-aware se let remove all it finds Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove: Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it. The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes. C:\WINDOWS\SYSTEM32\TCPService2.exe C:\WINDOWS\SYSTEM32\vx.tll C:\WINDOWS\SYSTEM32\ztoolbar.bmp C:\WINDOWS\DOWNLOADED PROGRAM FILES\file.exe C:\Documents and Settings\Kyoshiro\Local Settings\Temporary Internet Files\Content.IE5\HIC90L52\protect[1].htm C:\Documents and Settings\Kyoshiro\Local Settings\Temporary Internet Files\Content.IE5\HIC90L52\protect[1].php C:\Documents and Settings\Kyoshiro\Local Settings\Temporary Internet Files\Content.IE5\NECLGT8Y\anylove[1].htm C:\Documents and Settings\Kyoshiro\Local Settings\Temporary Internet Files\Content.IE5\NECLGT8Y\da[1].htm C:\Documents and Settings\Kyoshiro\Local Settings\Temporary Internet Files\Content.IE5\WH2BGHUF\second-random-page[1].htm C:\Documents and Settings\Kyoshiro\Local Settings\Temporary Internet Files\Content.IE5\YO0FJP4U\downloads_manager[1].htm C:\Documents and Settings\Kyoshiro\Local Settings\Temporary Internet Files\Content.IE5\YO0FJP4U\downloads_manager[1].php C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XZ17SDRW\loadppc[1].exe Let the system reboot. Please download, install and run this disk cleanup utility called Cleanup version 4.0!: http://downloads.stevengould.org/cleanup/CleanUp40.exe It will get rid of any malware which may be hiding in your temp folders ( a common hiding place). You will also regain a massive amount of disk space. Here is a tutorial which describes its usage: http://www.bleepingcomputer.com/forums/tutorial93.html Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, cleanout the prefetch folder and the recycle bin.When the scan has finnished click the close button When prompted the system will log off to let it clean out the remaining files. when the log screen shows log back on and continue the fix. Please run the following free, online virus scans. http://www.pandasoftware.com/activescan/co...n_principal.htm http://housecall.trendmicro.com/housecall/start_corp.asp Please post the logs From Panda, Ewido and HJT.logWe will need them to remove previous infections that have left files on your system. Kc
  14. Hi tonka Your HJT.LOG is clean are you having a problem with the system now. Kc
  15. Hi Korneel Try ewido and run it in safe mode. Kc
  16. Hi Korneel Yes that is the panda.log, I think one more scan just to make sure. Please read through the instructions before you start (you may want to print this out). Download Ewido Trojan’s and malware remover http://www.ewido.net/en/download/ This setup contains the free as well as the plus-version of the ewido security suite. After the installation, a free 14-day test version containing all the extensions of the plus-version will be activated. At the end of the test phase, the extensions of the plus version are deactivated and the freeware version can be used unlimited times. The purchased license code of the plus version can be entered at any time. update. Ewido and run the scan. post the log if any items are found. Is this your home page: https://netlogin.kuleuven.be/ Please run the following free, online virus scans. http://www.pandasoftware.com/activescan/co...n_principal.htm Please post the logs From Panda virus scan and HJT.logWe will need them to remove previous infections that have left files on your system. Kc
  17. Hi tonka Please read through the instructions before you start (you may want to print this out). Use windows add remove program file's uninstall the following: C:\Program Files\Logitech\Desktop Messenger It is a resource hog as you can see with all the 018 entry's. Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items: R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O18 - Protocol: bw+0 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {B1DACEE8-D951-4FB1-8E32-0EA43387C3F9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll Click on Fix Checked when finished and exit HijackThis. Please run the following free, online virus scans. http://www.pandasoftware.com/activescan/co...n_principal.htm Please post the logs From Panda virus scan and HJT.logWe will need them to remove previous infections that have left files on your system. Kc
  18. Hi kyoshiro21 Please read through the instructions before you start (you may want to print this out). Please set your system to show all files; please see here if you're unsure how to do this. Download Pocket Killbox and unzip it; save it to your Desktop. Reboot into Safe Mode: please see here if you are not sure how to do this. Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items: R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - blank (file missing) O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [hProtect.exe] C:\WINDOWS\System32\hProtect.exe O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - http://static.35mb.com/applet/applet_o.cab Click on Fix Checked when finished and exit HijackThis. Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it. The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes. C:\WINDOWS\System32\hProtect.exe Let the system reboot. Please run the following free, online virus scans. http://www.pandasoftware.com/activescan/co...n_principal.htm Please post the logs From Panda virus scan and HJT.logWe will need them to remove previous infections that have left files on your system. Kc
  19. Hi Korneel This online scanner below is better at finding malware try it. Please run the following free, online virus scans. http://www.pandasoftware.com/activescan/co...n_principal.htm Please post the logs From Panda virus scan and HJT.logWe will need them to remove previous infections that have left files on your system. Kc
  20. Hi UndertakerPOH Sorry for my delay in replying, my mother board failed Well be back to sort out the last of the malware very soon Kc
  21. Hi AmoLaZucca Sorry for my delay in replying to you, My mother board failed had to get a new computer. Please read through the instructions before you start (you may want to print this out). Please set your system to show all files; please see here if you're unsure how to do this. Please download the following program:http://downloads.subratam.org/FINDnFIX.exe Don't run it yet Please download : Zone Alarm free firewall Now run the program and install the firewall on to your system. It will ask you to reboot Reboot into Safe Mode: please see here if you are not sure how to do this. Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id= R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id= R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id= R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q= O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\SYSTB.DLL O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file) O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe Click on Fix Checked when finished and exit HijackThis. Using Windows Explorer, locate the following files/folders, and delete them: C:\PROGRAM FILES\NAVISEARCH<--Delete the whole folder C:\Program Files\BullsEye Network<--Delete the whole folder Exit Explorer.Reboot as normal. If you were unable to find any of the files then please follow these additional instructions: Download Pocket Killbox and unzip it; save it to your Desktop. Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it. The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes. C:\WINDOWS\SYSTEM\MSCB.DLL C:\WINDOWS\SYSTEM\NVMS.DLL C:\WINDOWS\SYSTEM\MSBE.DLL C:\WINDOWS\Buddy.exe C:\WINDOWS\All Users\Application Data\VBouncer C:\WINDOWS\systb.dll C:\WINDOWS\SYSTEM\nvms.dll C:\WINDOWS\INF\CERES.INF C:\WINDOWS\TEMP\upd208.exe C:\WINDOWS\TEMP\wrapperouter.exe C:\WINDOWS\TEMP\DrTemp\ceres.cab C:\WINDOWS\TEMP\DrTemp\ceres.cab C:\WINDOWS\TEMP\DrTemp\ceres.cab C:\WINDOWS\TEMP\DrTemp\ceres.inf C:\WINDOWS\TEMP\DrTemp\ceres.dll C:\WINDOWS\Downloaded Program Files\jao.dll C:\WINDOWS\SYSTEM\exdl.exe C:\WINDOWS\SYSTEM\mqexdlm.srg C:\WINDOWS\SYSTEM\exul.exe C:\WINDOWS\SYSTEM\javexulm.vxd C:\WINDOWS\SYSTEM\bbchk.exe C:\WINDOWS\SYSTEM\exclean.exe C:\WINDOWS\SYSTEM\msbe.dll C:\WINDOWS\SYSTEM\nvms.dll C:\WINDOWS\SYSTEM\mscb.dll C:\WINDOWS\SYSTEM\exdl3.exe C:\WINDOWS\SYSTEM\exdl2.exe C:\WINDOWS\SYSTEM\exdl1.exe C:\WINDOWS\SYSTEM\exul3.exe C:\WINDOWS\SYSTEM\exul1.exe C:\WINDOWS\Buddy.exe C:\WINDOWS\Temporary Internet Files\Content.IE5\09EBGTUV\webservice[3].htm C:\WINDOWS\Temporary Internet Files\Content.IE5\09EBGTUV\webservice[4].htm C:\WINDOWS\Temporary Internet Files\Content.IE5\Z0YUUJFQ\ceres[1].cab C:\WINDOWS\Temporary Internet Files\Content.IE5\Z0YUUJFQ\ceres[1].cab[ceres.inf] C:\WINDOWS\Temporary Internet Files\Content.IE5\Z0YUUJFQ\ceres[1].cab[ceres.dll] C:\WINDOWS\Temporary Internet Files\Content.IE5\Z0YUUJFQ\upd208[1].exe C:\WINDOWS\Temporary Internet Files\Content.IE5\Z0YUUJFQ\webservice[3].htm C:\WINDOWS\Temporary Internet Files\Content.IE5\A186JL8W\thnall5c[1].exe C:\WINDOWS\Temporary Internet Files\Content.IE5\A186JL8W\webservice[4].htm C:\WINDOWS\Temporary Internet Files\Content.IE5\A186JL8W\webservice[5].htm C:\WINDOWS\Temporary Internet Files\Content.IE5\O78RATCV\webservice[3].htm C:\WINDOWS\Temporary Internet Files\Content.IE5\O78RATCV\webservice[4].htm C:\WINDOWS\Temporary Internet Files\Content.IE5\O78RATCV\webservice[5].htm C:\WINDOWS\Temporary Internet Files\installer_MARKETING58.exe C:\WINDOWS\exdl.exe C:\Program Files\NaviSearch\bin\nls.exe C:\Program Files\BullsEye Network\bin\adv.exe C:\Program Files\BullsEye Network\bin\adx.exe C:\Temp\bb_click_wider.swf C:\Temp\bb_auto_wider.swf C:\Temp\bb_welcome.html C:\Temp\bb_welcome1.swf C:\Temp\icon.gif C:\Temp\logo.gif Let the system reboot. Please run FINDnFIX.exe and post the log. Please post the logs From FINDnFIX.exe and HJT.log Kc
  22. Hi AmoLaZucca If this file come back C:\WINDOWS\SYSTEM\uawpxm.exe we will need a bigger hammer Please read through the instructions before you start (you may want to print this out). Please set your system to show all files; please see here if you're unsure how to do this. Reboot into Safe Mode: please see here if you are not sure how to do this. Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items: O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL O4 - HKLM\..\Run: [uawpxm] c:\windows\system\uawpxm.exe Click on Fix Checked when finished and exit HijackThis. If you were unable to find any of the files then please follow these additional instructions: Download Pocket Killbox and unzip it; save it to your Desktop. Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it. The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes. C:\WINDOWS\SYSTEM\UAWPXM.EXE C:\WINDOWS\All Users\Application Data\VBouncer C:\WINDOWS\Downloaded Program Files\YSBactivex.inf C:\WINDOWS\Downloaded Program Files\YSBactivex.dat C:\WINDOWS\TEMP\wrapperouter.exe C:\WINDOWS\CERES.DLL C:\WINDOWS\Downloaded Program Files\ysbactivex.dll C:\WINDOWS\Downloaded Program Files\jao.dll C:\WINDOWS\SYSTEM\uawpxm.exe C:\WINDOWS\Buddy.exe C:\WINDOWS\Temporary Internet Files\Content.IE5\A186JL8W\thnall5c[1].exe C:\WINDOWS\Temporary Internet Files\InstallAPS.exe Let the system reboot. Please run the following free, online virus scans. http://www.pandasoftware.com/activescan/co...n_principal.htm Please post the logs From Panda virus scan and HJT.logWe will need them to remove previous infections that have left files on your system. Kc
  23. Hi dom89 Congratulations! Your system is CLEAN :idea: Microsoft® Windows AntiSpyware (Beta) 2000 and XP ONLY. Please download SpyBot V1.4 http://www.majorgeeks.com/download2471.html Spybot Tutorial Disable Spybot Tutorial Winpatrol Free Ad-Aware SE Personal Edition Free AdAware Tutorial Turn of system restore Disabling or enabling Windows XP System Restore WIndows ME Defrag your hard drive. Turn system restore back on and create a new restore point. Tony Klien: So how did I get infected in the first place How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use). Click Here QUOTE Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially dangerous sites in Internet Explorer. Consumes no system resources. Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page. It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows. These next two steps are optional, but will provide the greatest protection. 1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox. http://www.mozilla.org/products/firefox/ 2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine . You can download Sun's newer JVM for Windows at http://java.sun.com/getjava/index.html. http://www.java.com/en/download/manual.jsp Windows (Offline Installation) After doing all these, your system will be thoroughly protected from future threats. Have a nice Day. Kc
  24. Hi AmoLaZucca Please read through the instructions before you start (you may want to print this out). Download Pocket Killbox and unzip it; save it to your Desktop. Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it. The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes. C:\WINDOWS\CERES.DLL C:\WINDOWS\CFGMGR52.DLL C:\PROGRAM FILES\VBOUNCER\VIRTUALBOUNCER.EXE C:\WINDOWS\SYSTEM\UAWPXM.EXE C:\PROGRA~1\VBOUNCER\VIRTUA~1.EXE c:\WINDOWS\SYSTEM\UAWPXM.EXE C:\WINDOWS\Start Menu\Programs\StartUp\AdDestroyer.lnk C:\WINDOWS\TEMP\!update.exe C:\WINDOWS\CERES.DLL C:\WINDOWS\SYSTEM\AUNPS2.dll C:\WINDOWS\unstall.exe C:\Program Files\AdDestroyer C:\WINDOWS\systb.dll C:\WINDOWS\CFGMGR52.DLL C:\WINDOWS\Downloaded Program Files\YSBactivex.??? C:\WINDOWS\INF\CERES.INF C:\WINDOWS\Start Menu\Programs\StartUp\AdDestroyer.lnk C:\WINDOWS\TEMP\!update.exe C:\WINDOWS\TEMP\wrapperouter.exe C:\WINDOWS\TEMP\DrTemp\ceres.cab C:\WINDOWS\TEMP\DrTemp\ceres.cab[ceres.inf] C:\WINDOWS\TEMP\DrTemp\ceres.cab[ceres.dll] C:\WINDOWS\TEMP\DrTemp\ceres.inf C:\WINDOWS\TEMP\DrTemp\ceres.dll C:\WINDOWS\TEMP\wupdt.exe C:\WINDOWS\Downloaded Program Files\ysbactivex.dll C:\WINDOWS\Downloaded Program Files\jao.dll C:\WINDOWS\CERES.DLL C:\WINDOWS\Buddy.exe C:\WINDOWS\SYSTEM\uawpxm.exe C:\WINDOWS\SYSTEM\Shex.exe C:\WINDOWS\SYSTEM\SWLAD2.dll C:\WINDOWS\SYSTEM\PopOops2.dll C:\WINDOWS\SYSTEM\PopOops.dll C:\WINDOWS\SYSTEM\supdate.dll C:\WINDOWS\SYSTEM\SWLAD1.dll C:\WINDOWS\SYSTEM\area.exe C:\WINDOWS\Temporary Internet Files\Content.IE5\09EBGTUV\AppWrap[1].exe C:\WINDOWS\Temporary Internet Files\Content.IE5\Z0YUUJFQ\abiuninst[1].exe C:\WINDOWS\Temporary Internet Files\Content.IE5\Z0YUUJFQ\AutoUpdaterInstaller[1].exe C:\WINDOWS\Temporary Internet Files\Content.IE5\Z0YUUJFQ\polall5c[1].exe C:\WINDOWS\Temporary Internet Files\Content.IE5\O78RATCV\ceres[1].cab C:\WINDOWS\Temporary Internet Files\Content.IE5\O78RATCV\ceres[1].cab[ceres.inf] C:\WINDOWS\Temporary Internet Files\Content.IE5\O78RATCV\ceres[1].cab[ceres.dll] C:\WINDOWS\Temporary Internet Files\Content.IE5\O78RATCV\polall5c[1].exe C:\WINDOWS\Temporary Internet Files\Content.IE5\O78RATCV\thnall5c[1].exe C:\WINDOWS\Temporary Internet Files\InstallAPS.exe C:\WINDOWS\qnbxdoq.exe C:\WINDOWS\vwugi.dll C:\WINDOWS\yapgw.dat C:\WINDOWS\tbzxkovq.exe C:\WINDOWS\xkuzqtem.exe C:\WINDOWS\ru.exe C:\WINDOWS\unstall.exe C:\WINDOWS\cfgmgr52.dll C:\WINDOWS\cprynuc.dll C:\WINDOWS\ujrlhm.exe C:\unzipped\hijackthis\backups\backup-20050712-105652-142-cknu.exe C:\Recycled\Dc7\ProxyStub.dll C:\Program Files\VBouncer\BundleOuter.EXE C:\Program Files\VBouncer\VBouncerInner.EXE C:\Program Files\VBouncer\AdDestroyerInner.EXE C:\Program Files\VBouncer\VirtualBouncer.exe C:\Program Files\AdDestroyer\AdDestroyer.exe C:\cruysc.exe C:\WINDOWS\SYSTEM\AREA.EXE Let the system reboot. Please run the following free, online virus scans. http://www.pandasoftware.com/activescan/co...n_principal.htm http://housecall.trendmicro.com/housecall/start_corp.asp Please post the logs From Panda virus scan and HJT.logWe will need them to remove previous infections that have left files on your system. Kc
  25. Hi AmoLaZucca Please read through the instructions before you start (you may want to print this out). Please set your system to show all files; please see here if you're unsure how to do this. Use windows add remove program file's uninstall the following: C:\Program Files\uthm\area.exe C:\Program Files\Aprps\ProxyStub.dll Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items: O4 - HKCU\..\Run: [uate] C:\Program Files\uthm\area.exe Click on Fix Checked when finished and exit HijackThis. Reboot into Safe Mode: please see here if you are not sure how to do this. Using Windows Explorer, locate the following files/folders, and delete them: C:\Program Files\uthm\area.exeExit Explorer.Reboot as normal. If you were unable to find any of the files then please follow these additional instructions: Download Pocket Killbox and unzip it; save it to your Desktop. Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it. The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes. C:\WINDOWS\TEMP\!update.exe C:\WINDOWS\Buddy.exe C:\WINDOWS\unstall.exe C:\WINDOWS\cfgmgr52.dll C:\WINDOWS\Downloaded Program Files\YSBactivex.exe C:\WINDOWS\TEMP\!update.exe C:\WINDOWS\Downloaded Program Files\ysbactivex.dll C:\WINDOWS\Downloaded Program Files\jao.dll C:\WINDOWS\Buddy.exe C:\WINDOWS\SYSTEM\uawpxm.exe C:\WINDOWS\SYSTEM\Shex.exe C:\WINDOWS\SYSTEM\supdate.dll C:\WINDOWS\Temporary Internet Files\Content.IE5\Z0YUUJFQ\AutoUpdaterInstaller[1].exe C:\WINDOWS\qnbxdoq.exe C:\WINDOWS\vwugi.dll C:\WINDOWS\yapgw.dat C:\WINDOWS\tbzxkovq.exe C:\WINDOWS\xkuzqtem.exe C:\WINDOWS\ru.exe C:\WINDOWS\unstall.exe C:\WINDOWS\cfgmgr52.dll C:\WINDOWS\cprynuc.dll C:\WINDOWS\ujrlhm.exe C:\Program Files\Aprps\ProxyStub.dll C:\cruysc.exe Let the system reboot. Please run the following free, online virus scans. http://www.pandasoftware.com/activescan/co...n_principal.htm Please post the logs From Panda virus scan and HJT.logWe will need them to remove previous infections that have left files on your system. Kc
×
×
  • Create New...