Jump to content

thatman

Trusted Malware Techs
  • Content Count

    128
  • Joined

  • Last visited

Everything posted by thatman

  1. Hi tashkent You have the latest version of VX2. Download L2mfix from one of these two locations: http://www.atribune.org/downloads/l2mfix.exe http://www.downloads.subratam.org/l2mfix.exe Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread. IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so! Kc
  2. thatman

    winfixer 2005 [resolved]

    Hi r7yea Congratulations! Your system is CLEAN Microsoft® Windows AntiSpyware (Beta) 2000 and XP ONLY. Please download SpyBot V1.4 http://www.majorgeeks.com/download2471.html Spybot Tutorial Disable Spybot Tutorial Winpatrol Free Ad-Aware SE Personal Edition Free AdAware Tutorial Turn of system restore Disabling or enabling Windows XP System Restore WIndows ME Defrag your hard drive. Turn system restore back on and create a new restore point. Tony Klien: So how did I get infected in the first place How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use). Click Here It Prevent's the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially dangerous sites in Internet Explorer. Consumes no system resources. Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page. It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows. These next two steps are optional, but will provide the greatest protection. 1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox. http://www.mozilla.org/products/firefox/ 2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine . You can download Sun's newer JVM for Windows at http://java.sun.com/getjava/index.html. http://www.java.com/en/download/manual.jsp Windows (Offline Installation) After doing all these, your system will be thoroughly protected from future threats. Have a nice Day. Kc
  3. thatman

    winfixer 2005 [resolved]

    Hi r7yea You have the latest version of VX2. Download L2mfix from one of these two locations: http://www.atribune.org/downloads/l2mfix.exe http://www.downloads.subratam.org/l2mfix.exe Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread. IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so! Now run option 2 Close any programs you have open since this step requires a reboot. From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log, and we'll clean up what's left. IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so! Kc
  4. thatman

    winfixer 2005 [resolved]

    Hi r7yea Please read through the instructions before you start (you may want to print this out). Please set your system to show all files; please see here if you're unsure how to do this. Please download and install AD-Aware se. Click Here on how setup and use it - please make sure you update it first. Don't run yet. Download Pocket Killbox and unzip it; save it to your Desktop. We may need it later. Download Ewido Trojan’s and malware remover http://www.ewido.net/en/download/ This setup contains the free as well as the plus-version of the ewido security suite. After the installation, a free 14-day test version containing all the extensions of the plus-version will be activated. At the end of the test phase, the extensions of the plus version are deactivated and the freeware version can be used unlimited times. The purchased license code of the plus version can be entered at any time. Ewido will auto-udate. Don't run yet Reboot into Safe Mode: please see here if you are not sure how to do this. Run Ewido full scan. Save the scan.log. Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch and delete all the files in that folder. Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an check in the boxes, only next to these following items: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\suxcoins.dll Click on Fix Checked when finished and exit HijackThis. Run Ad-aware se let it remove all it finds Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove: Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it. The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer (Yes.) c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm C:\Program Files\1-Click Answers\Html\atiemenu.htm C:\WINDOWS\system32\suxcoins.dll Let the system reboot as normal. Please download, install and run this disk cleanup utility called Cleanup version 4.0!: http://downloads.stevengould.org/cleanup/CleanUp40.exe It will get rid of any malware which may be hiding in your temp folders ( a common hiding place). You will also regain a massive amount of disk space. Here is a tutorial which describes its usage: http://www.bleepingcomputer.com/forums/tutorial93.html Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, cleanout the prefetch folder and the recycle bin.When the scan has finnished click the close button When prompted the system will log off to let it clean out the remaining files. when the log screen shows log back on and continue the fix. Please run the following free, online virus scans. http://www.pandasoftware.com/activescan/co...n_principal.htm Please post the log From Panda virus scan. We will need them to remove previous infections that have left files on your system. Run HijackThis and post the new log. Kc
  5. thatman

    Another Hijackthis log

    Hi tonka No ewido is not a virus scanner. The activeX from panda is very safe. You will know for sure if you allow Panda to do a scan. Kc :beer:
  6. Hi AmoLaZucca Have not forgot you still a few problems with my system Will be back to clean the systerm very soon now. Kc :beer:
  7. thatman

    Please Advise [resolved]

    Hi UndertakerPOH Congratulations! Your system is CLEAN Microsoft® Windows AntiSpyware (Beta) 2000 and XP ONLY. Please download SpyBot V1.4 http://www.majorgeeks.com/download2471.html Spybot Tutorial Disable Spybot Tutorial Winpatrol Free Ad-Aware SE Personal Edition Free AdAware Tutorial Turn of system restore Disabling or enabling Windows XP System Restore WIndows ME Defrag your hard drive. Turn system restore back on and create a new restore point. Tony Klien: So how did I get infected in the first place How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use). Click Here It Prevent's the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially dangerous sites in Internet Explorer. Consumes no system resources. Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page. It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows. These next two steps are optional, but will provide the greatest protection. 1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox. http://www.mozilla.org/products/firefox/ 2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine . You can download Sun's newer JVM for Windows at http://java.sun.com/getjava/index.html. http://www.java.com/en/download/manual.jsp Windows (Offline Installation) After doing all these, your system will be thoroughly protected from future threats. Have a nice Day. Kc
  8. thatman

    Another Hijackthis log

    Hi tonka Your HJT.log is clean hare you having any problems now. Kc :beer:
  9. thatman

    Winfixer 2005 - Please help[resolved]

    Hi dublon Congratulations! Your system is CLEAN Microsoft® Windows AntiSpyware (Beta) 2000 and XP ONLY. Please download SpyBot V1.4 http://www.majorgeeks.com/download2471.html Spybot Tutorial Disable Spybot Tutorial Winpatrol Free Ad-Aware SE Personal Edition Free AdAware Tutorial Turn of system restore Disabling or enabling Windows XP System Restore WIndows ME Defrag your hard drive. Turn system restore back on and create a new restore point. Tony Klien: So how did I get infected in the first place How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use). Click Here It Prevent's the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially dangerous sites in Internet Explorer. Consumes no system resources. Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page. It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows. These next two steps are optional, but will provide the greatest protection. 1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox. http://www.mozilla.org/products/firefox/ 2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine . You can download Sun's newer JVM for Windows at http://java.sun.com/getjava/index.html. http://www.java.com/en/download/manual.jsp Windows (Offline Installation) After doing all these, your system will be thoroughly protected from future threats. Have a nice Day. Kc :beer:
  10. thatman

    Winfixer 2005 - Please help[resolved]

    Hi dublon Safe Mode written in all 4 corners, yes you are in safemode it does take some time to run? If you suspect it has hung > Click on start > Then run > now type into the box explorer Let me know if that works. Kc :beer:
  11. thatman

    Another Hijackthis log

    Hi tonka Sorry for the delay in replying. Please run the panda online scan do not rely on your McAfee. Post a log form the panda scan Thanks Kc :beer:
  12. thatman

    Please Advise [resolved]

    Hi UndertakerPOH How is your system now have you any problems to report. Kc
  13. thatman

    Winfixer 2005 - Please help[resolved]

    Hi dublon Please read through the instructions before you start (you may want to print this out). Please set your system to show all files; please see here if you're unsure how to do this. Please download and install AD-Aware se. Click Here on how setup and use it - please make sure you update it first. Don't run yet. Download Pocket Killbox and unzip it; save it to your Desktop. We may need it later. Download Ewido Trojan’s and malware remover http://www.ewido.net/en/download/ This setup contains the free as well as the plus-version of the ewido security suite. After the installation, a free 14-day test version containing all the extensions of the plus-version will be activated. At the end of the test phase, the extensions of the plus version are deactivated and the freeware version can be used unlimited times. The purchased license code of the plus version can be entered at any time. Ewido will auto-udate. Don't run yet Reboot into Safe Mode: please see here if you are not sure how to do this. Run Ewido full scan. Save the scan.log. Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch and delete all the files in that folder. Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an check in the boxes, only next to these following items: O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) O2 - BHO: MSEvents Object - {7697DB96-5DA3-44F2-BC97-AD35E5F4CEDC} - C:\WINDOWS\assembly\GAC\System.Management\acdisk.dll O20 - Winlogon Notify: acdisk - C:\WINDOWS\assembly\GAC\System.Management\acdisk.dll Click on Fix Checked when finished and exit HijackThis. Run Ad-aware se let it remove all it finds Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove: Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it. The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer (Yes.) C:\WINDOWS\assembly\GAC\System.Management\acdisk.dll Let the system reboot as normal. Please download, install and run this disk cleanup utility called Cleanup version 4.0!: http://downloads.stevengould.org/cleanup/CleanUp40.exe It will get rid of any malware which may be hiding in your temp folders ( a common hiding place). You will also regain a massive amount of disk space. Here is a tutorial which describes its usage: http://www.bleepingcomputer.com/forums/tutorial93.html Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, cleanout the prefetch folder and the recycle bin.When the scan has finnished click the close button When prompted the system will log off to let it clean out the remaining files. when the log screen shows log back on and continue the fix. Please run the following free, online virus scans. http://www.pandasoftware.com/activescan/co...n_principal.htm Please post the logs From Panda, Ewido and HJT.log. We will need them to remove previous infections that have left files on your system. Kc
  14. thatman

    Another Hijackthis log

    Hi tonka Look for the item here: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\run_startmenu.cmd I found delete the item. Kc
  15. Hi AmoLaZucca Sorry for my late reply had some problems with my new computer. Please read through the instructions before you start (you may want to print this out). Please set your system to show all files; please see here if you're unsure how to do this. Download Pocket Killbox and unzip it; save it to your Desktop. Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following (Code in the box) into Notepad: [-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAGNET] [-HKEY_LOCAL_MACHINE\SOFTWARE\APRPS] [-HKEY_LOCAL_MACHINE\SOFTWARE\VIDCTRL] [-HKEY_CLASSES_ROOT\Interface\{71a27036-c7d8-11d2-bef8-525400dfb47a}] Save the file as "delete.reg". Make sure to save it with the quotes. Double click on it and choose Yes to merge it. You may delete the file afterwards.Doubleclick the file and confirm you want to merge it with the registry. Reboot into Safe Mode: please see here if you are not sure how to do this. Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items: R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\PROGRAM FILES\SURFSIDEKICK 3\SSKBHO.DLL (file missing) O4 - HKLM\..\Run: [exp] C:\WINDOWS\SYSTEM\exp O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\ujrlhm.exe reg_run O4 - HKCU\..\Run: [surfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe O4 - Startup: cknu.exe Click on Fix Checked when finished and exit HijackThis. Using Windows Explorer, locate the following files/folders, and delete them: C:\PROGRAM FILES\SURFSIDEKICK 3<--Delete the whole folder cknu.exe<--Delete this file Exit Explorer. Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it. The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes. C:\WINDOWS\UJRLHM.EXE C:\WINDOWS\SYSTEM\exp C:\WINDOWS\SYSTEM\LBWND80N.DLL C:\WINDOWS\SYSTEM\SWCOMM36.DLL C:\WINDOWS\CPRYNUC.DLL C:\WINDOWS\SYSTEM\Searchx.htm C:\WINDOWS\DOWNLOADED PROGRAM FILES\clientax.dll C:\WINDOWS\APPLICATION DATA\Sskknwrd.dll C:\WINDOWS\Start Menu\Programs\StartUp\cknu.exe C:\WINDOWS\TEMP\pav8148.TMP C:\WINDOWS\TEMP\pav81A7.TMP C:\WINDOWS\TEMP\pav81B7.TMP C:\WINDOWS\TEMP\pav8294.TMP C:\WINDOWS\Downloaded Program Files\clientax.dll C:\WINDOWS\Downloaded Program Files\jao.dll C:\WINDOWS\SYSTEM\MXXML.DLL C:\WINDOWS\SYSTEM\OKBC32GT.DLL C:\WINDOWS\SYSTEM\OGE2CONV.DLL C:\WINDOWS\SYSTEM\MWASN1.DLL C:\WINDOWS\SYSTEM\GEI32.DLL C:\WINDOWS\SYSTEM\RBCLTC1.DLL C:\WINDOWS\SYSTEM\luXbm12n.dll C:\WINDOWS\SYSTEM\IEDll300.dll C:\WINDOWS\SYSTEM\uninstal.exe C:\WINDOWS\SYSTEM\pinstaller.exe C:\WINDOWS\SYSTEM\MXRD2X40.DLL C:\WINDOWS\SYSTEM\LBWND80N.DLL C:\WINDOWS\SYSTEM\MGVIDC32.DLL C:\WINDOWS\SYSTEM\SWCOMM36.DLL C:\WINDOWS\SYSTEM\Stace.dll C:\WINDOWS\SYSTEM\SDNCUI.DLL C:\WINDOWS\yapgw.dat C:\WINDOWS\cprynuc.dll C:\WINDOWS\ujrlhm.exe C:\WINDOWS\qnbxdoq.exe C:\WINDOWS\vwugi.dll C:\unzipped\hijackthis\backups\backup-20050714-103657-833.dll C:\unzipped\hijackthis\backups\backup-20050713-122525-493.dll C:\unzipped\hijackthis\backups\backup-20050713-122525-447.dll C:\SSK39.exe Let the system reboot. Please run the following free, online virus scans. http://www.pandasoftware.com/activescan/co...n_principal.htm Please post the logs From Panda virus scan and HJT.logWe will need them to remove previous infections that have left files on your system. Kc
  16. thatman

    My HJL [resolved]

    Hi MrHappyGoLucky12 Your HJT.log is clean. What problems are you having now, if any Kc
  17. thatman

    Another Hijackthis log

    Hi tonka Please read through the instructions before you start (you may want to print this out). Please set your system to show all files; please see here if you're unsure how to do this. Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items: O4 - Global Startup: run_startmenu.cmd Click on Fix Checked when finished and exit HijackThis. [*]Reboot into Safe Mode: please see here if you are not sure how to do this. Using Windows Explorer, locate the following files/folders, and delete them: O4 - Global Startup: run_startmenu.cmd Exit Explorer.Reboot as normal. Please run the following free, online virus scans. http://www.pandasoftware.com/activescan/co...n_principal.htm Please post the logs From Panda virus scan and HJT.logWe will need them to remove previous infections that have left files on your system. Kc
  18. thatman

    My HJL [resolved]

    Hi MrHappyGoLucky12 So ewido removed two cookie's Post a new HJT.log Kc
  19. Hi AmoLaZucca Hey don't give up on me now. File's in system restore we will sort them after Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it. The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer (Yes.) C:\WINDOWS\Downloaded Program Files\clientax.dll C:\WINDOWS\Downloaded Program Files\jao.dll C:\WINDOWS\SYSTEM\MGVIDC32.DLL C:\WINDOWS\Temporary Internet Files\Content.IE5\09EBGTUV\webservice[3].htm C:\WINDOWS\Temporary Internet Files\Content.IE5\Z0YUUJFQ\webservice[3].htm C:\WINDOWS\Temporary Internet Files\Content.IE5\A186JL8W\webservice[5].htm C:\WINDOWS\Temporary Internet Files\Content.IE5\A186JL8W\cassetup[1].exe C:\WINDOWS\Temporary Internet Files\Content.IE5\O78RATCV\webservice[3].htm C:\WINDOWS\Temporary Internet Files\Content.IE5\O78RATCV\webservice[5].htm C:\WINDOWS\Temporary Internet Files\Content.IE5\RMKJVPCT\webservice[1].htm C:\WINDOWS\Temporary Internet Files\Content.IE5\KX0ZGZSN\webservice[1].htm C:\WINDOWS\Temporary Internet Files\installer_MARKETING58.exe C:\unzipped\hijackthis\backups\backup-20050714-103657-833.dll C:\unzipped\hijackthis\backups\backup-20050713-122525-493.dll C:\unzipped\hijackthis\backups\backup-20050713-122525-447.dll C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe C:\SSK39.exe C:\WINDOWS\DOWNLOADED PROGRAM FILES\clientax.dll C:\WINDOWS\TEMPORARY INTERNET FILES\Ssk.log Let the system reboot as normal. Please download, install and run this disk cleanup utility called Cleanup version 4.0!: http://downloads.stevengould.org/cleanup/CleanUp40.exe It will get rid of any malware which may be hiding in your temp folders ( a common hiding place). You will also regain a massive amount of disk space. Here is a tutorial which describes its usage: http://www.bleepingcomputer.com/forums/tutorial93.html Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, cleanout the prefetch folder and the recycle bin XP ONLY. When the scan has finnished click the close button When prompted the system will log off to let it clean out the remaining files. when the log screen shows log back on and continue the fix. Please run the following free, online virus scans. http://www.pandasoftware.com/activescan/co...n_principal.htm Please post the logs From Panda, Ewido and HJT.log. We will need them to remove previous infections that have left files on your system. Kc
  20. thatman

    HJT log for Startpage.GX

    Hi CD_Random Thank you for letting us know. Kc
  21. thatman

    My HJL [resolved]

    Hi MrHappyGoLucky12 Please post a new HJT.log Kc
  22. thatman

    My HJL [resolved]

    Hi MrHappyGoLucky12 Please read through the instructions before you start (you may want to print this out). Please set your system to show all files; please see here if you're unsure how to do this. Please download and install AD-Aware se. Click Here on how setup and use it - please make sure you update it first. Don't run yet. Download Pocket Killbox and unzip it; save it to your Desktop. We may need it later. Download Ewido Trojan’s and malware remover http://www.ewido.net/en/download/ This setup contains the free as well as the plus-version of the ewido security suite. After the installation, a free 14-day test version containing all the extensions of the plus-version will be activated. At the end of the test phase, the extensions of the plus version are deactivated and the freeware version can be used unlimited times. The purchased license code of the plus version can be entered at any time. Ewido will auto-udate. Don't run yet Reboot into Safe Mode: please see here if you are not sure how to do this. Run Ewido full scan. Save the scan.log. Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch and delete all the files in that folder. Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an check in the boxes, only next to these following items: O16 - DPF: {38911EED-5726-41B4-9612-265534EC7A13} (Address Magic Web Edition Download Stub) - http://www.returnpath.net/registration/WebEdition.cab O16 - DPF: {86ED3659-02F6-465D-8F19-A9334614CCC3} (TCBrowseForFolder Class) - http://www.passalong.com/Music/activex/TPActiveX.cab O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WinFixer...nnerInstall.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab Click on Fix Checked when finished and exit HijackThis. Run Ad-aware se let it remove all it finds Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove: Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it. The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer (Yes.) C:\WINDOWS\SYSTEM32\wnscpcc.exe Let the system reboot as normal. Please download, install and run this disk cleanup utility called Cleanup version 4.0!: http://downloads.stevengould.org/cleanup/CleanUp40.exe It will get rid of any malware which may be hiding in your temp folders ( a common hiding place). You will also regain a massive amount of disk space. Here is a tutorial which describes its usage: http://www.bleepingcomputer.com/forums/tutorial93.html Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, cleanout the prefetch folder and the recycle bin.When the scan has finnished click the close button When prompted the system will log off to let it clean out the remaining files. when the log screen shows log back on and continue the fix. Please run the following free, online virus scans. http://www.pandasoftware.com/activescan/co...n_principal.htm Please post the logs From Panda, Ewido and HJT.log. We will need them to remove previous infections that have left files on your system. Kc
  23. thatman

    My HJL [resolved]

    Hi MrHappyGoLucky12 Please read through the instructions before you start (you may want to print this out). Please set your system to show all files; please see here if you're unsure how to do this. Reboot into Safe Mode: please see here if you are not sure how to do this. Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items: O2 - BHO: (no name) - {90749428-029C-2C13-CBF9-5550D68876B1} - C:\WINDOWS\system32\unvujpke.dll O4 - HKCU\..\Run: [iinl] C:\Program Files\sami\emia.exe O4 - HKCU\..\Run: [Euth] C:\WINDOWS\system32\?vchost.exe O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WinFixer...nnerInstall.cab Click on Fix Checked when finished and exit HijackThis. Using Windows Explorer, locate the following files/folders, and delete them: C:\Program Files\sami<--Delete the whole folder C:\WINDOWS\system32\?vchost.exe<--Delete this filemaking sure you do not delete the real svchost.exe Exit Explorer. If you were unable to find any of the files then please follow these additional instructions: Download Pocket Killbox and unzip it; save it to your Desktop. Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it. The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes. C:\WINDOWS\system32\unvujpke.dll Let the system reboot as normal. Please run the following free, online virus scans. http://www.pandasoftware.com/activescan/co...n_principal.htm Please post the logs From Panda virus scan and HJT.logWe will need them to remove previous infections that have left files on your system. Kc
  24. thatman

    Please Advise [resolved]

    Hi UndertakerPOH Please read through the instructions before you start (you may want to print this out). Please set your system to show all files; please see here if you're unsure how to do this. Important Step Go to Start->Run and type "Services.msc" (without quotes) then hit Ok Scroll down and find the service called: Symantec Network Drivers Service (SNDSrvc) When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you don´t find this service listed go ahead with the next steps. Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items: O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing) Click on Fix Checked when finished and exit HijackThis. Please run the following free, online virus scans. http://www.pandasoftware.com/activescan/co...n_principal.htm Please post the logs From Panda virus scan and HJT.logWe will need them to remove previous infections that have left files on your system. Kc
  25. Hi Please down load the following: http://downloads.subratam.org/FINDnFIX.exe Unzip the the file then run the find bat file Post the log with a new HJT.log Kc
×