
LDTate

Trusted Malware Techs
  • Content Count

    255
About LDTate

  • Rank
    Member

Contact Methods

  • Website URL
    http://www.forums.security-central.us/index.php
  • ICQ
    0

Previous Fields

  • Teams:
    Nothing Selected
  1. LDTate

    hjt help!

    How are you doing with the fix?
  2. LDTate

    [Solved] Winfixer

    Sorry I don't see anything else in your HJT log to fix.
  3. LDTate

    [Solved] Winfixer

    Unless you know what this is; use Add/Remove Programs and remove:
    Hyperteams

    Scan with HJT and kill this one:
    O4 - Startup: Hyperteams.lnk = C:\Program Files\Hyperteams\framework.exe

    Delete this file if still listed:
    C:\Program Files\Hyperteams\framework.exe

    Reboot and let me know how it's working.
  4. LDTate

    hjt help!

    Restart your computer in Safe Mode. Press F8 after the Power-On Self Test (POST) is done. If the Windows Advanced Options Menu does not appear, try restarting and then pressing F8 several times after the POST screen. Choose the Safe Mode option from the Windows Advanced Options Menu then press Enter. This can take several minutes to load.

    C:\PROGRA~1\COMMON~1\ICROSO~1
    Delete this folder, I think it will be here:
    C:\PROGRAM Files\COMMON Files\ICROSOFT <--Make sure it starts with ICROSO

    Scan with HJT and fix this one:
    O2 - BHO: (no name) - {FC2593DC-2762-50CF-4146-5950DD203EC6} - C:\WINDOWS\system32\wbvde.dll (file missing)

    Empty Recycle Bin

    Reboot Normal and "copy/paste" a new log file into this thread. Also please describe how your computer behaves at the moment.
  5. LDTate

    [Solved] Help me...

    Good Job
    Log looks good

    Note: This will remove all previous Restore Points
    Turn off System Restore:
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.
    Restart your computer, turn it back on.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Remove the Check Turn off System Restore.
    Click Apply, and then click OK.

    Double-click My Computer.
    Click the Tools menu, and then click Folder Options.
    Click the View tab.
    Check "Hide file extensions for known file types."
    Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
    Check "Hide protected operating system files."
    Click Apply, and then click OK.

    If you don't have these programs I would recommend that you get them. Spywareblaster, Spywareguard. They will add 1000's of sites to your restricted zone and block some hijacks from happening. I also have a FREE FIREWALL and FREE ANTI VIRUS if you need one. It is critical to have both a firewall and anti virus to protect your system. Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on. Both are available below.

    Safe Surfing.

    I would also suggest you read this: So how did I get infected in the first place? by Tony Klein
  6. LDTate

    [Solved] Winfixer

    You can go through this fix again and see if it finds anything.

    Download VundoFix.exe to your desktop.
    Double-click VundoFix.exe to run it.
    Click the Scan for Vundo button.
    Once it's done scanning, click the Remove Vundo button.
    You will receive a prompt asking if you want to remove the files, click YES.
    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will shutdown your computer, click OK.
    Turn your computer back on.

    Please download the trial version of ewido anti-malware 3.5 here: http://www.ewido.net/en/download/
    Install it, and update the definitions to the newest files. Do NOT run a scan yet.

    Next, please reboot your computer in Safe Mode by doing the following:
    1) Restart your computer
    2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3) Instead of Windows loading as normal, a menu should appear
    4) Select the first option, to run Windows in Safe Mode.

    Then please run Ewido, click on the Scanner run a full scan and let it clean everything it finds. Save the logfile from the scan.

    While still in Safe Mode:
    Open C:\Windows\Prefetch\
    Delete ALL files in this folder.

    Do this also if these Temp Folders are part of your OS.
    Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
    Next navigate to the C:\Documents and Settings\(EVERY LISTED PROFILE USER)\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply

    Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
  7. LDTate

    [Solved] Help me...

    I suggest you do this:
    Double-click My Computer.
    Click the Tools menu, and then click Folder Options.
    Click the View tab.
    Clear "Hide file extensions for known file types."
    Under the "Hidden files" folder, select "Show hidden files and folders."
    Clear "Hide protected operating system files."
    Click Apply, and then click OK.

    Please do not delete anything unless instructed to.

    1. Click Start > Settings > Control Panel.
    2. Next, open Add/Remove Programs and remove if listed:
    Save WhenUSave

    Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:
    O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
    O20 - Winlogon Notify: wineqx32 - wineqx32.dll (file missing)

    Close ALL windows and browsers except HijackThis and click "Fix checked"

    Delete these Files if listed:
    C:\Program Files\Save\Save.exe

    Open C:\Windows\Prefetch\
    Delete ALL files in this folder.

    Please download ATF Cleaner by Atribune.
    Download - ATF Cleaner»
    This program is for XP and Windows 2000 only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

    Reboot and "copy/paste" a new HijackThis log file into this thread. Also please describe how your computer behaves at the moment.
  8. LDTate

    hjt help!

    Please do not delete anything unless instructed to.

    1. Click Start > Settings > Control Panel.
    2. Next, open Add/Remove Programs and remove if listed:
    RXToolBar

    Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:
    R3 - URLSearchHook: (no name) - {FC2593DC-2762-50CF-4146-5950DD203EC6} - C:\WINDOWS\system32\wbvde.dll (file missing)
    O2 - BHO: (no name) - {FC2593DC-2762-50CF-4146-5950DD203EC6} - C:\WINDOWS\system32\wbvde.dll (file missing)
    O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
    O4 - HKCU\..\Run: [sen] "C:\PROGRA~1\COMMON~1\ICROSO~1.NET\rundll.exe" -vt ndrv
    O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
    O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\SOONGOO\LOCALS~1\Temp\hpdj.exe (file missing)

    Close ALL windows and browsers except HijackThis and click "Fix checked"

    Delete these Files if listed:
    C:\PROGRA~1\COMMON~1\ICROSO~1.NET\rundll.exe <--ONLY from this location

    Open C:\Windows\Prefetch\
    Delete ALL files in this folder.

    Please download ATF Cleaner by Atribune.
    Download - ATF Cleaner»
    This program is for XP and Windows 2000 only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

    Reboot and "copy/paste" a new HijackThis log file into this thread. Also please describe how your computer behaves at the moment.
  9. LDTate

    hjt help!

    Were you able to do that?
  10. Great job. You're more than welcome. Glad we were able to help. Peace be with you.
  11. Good Job
    Use Add/Remove Programs and remove Ewido unless you want to keep it. It's only a 14 day trial version.
    Log looks good

    Note: This will remove all previous Restore Points
    Turn off System Restore:
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.
    Restart your computer, turn it back on.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Remove the Check Turn off System Restore.
    Click Apply, and then click OK.

    Double-click My Computer.
    Click the Tools menu, and then click Folder Options.
    Click the View tab.
    Check "Hide file extensions for known file types."
    Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
    Check "Hide protected operating system files."
    Click Apply, and then click OK.

    If you don't have these programs I would recommend that you get them. Spywareblaster, Spywareguard. They will add 1000's of sites to your restricted zone and block some hijacks from happening. I also have a FREE FIREWALL and FREE ANTI VIRUS if you need one. It is critical to have both a firewall and anti virus to protect your system. Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on. Both are available below.

    Safe Surfing.

    I would also suggest you read this: So how did I get infected in the first place? by Tony Klein
  12. Important: Do this before any fix.
    Please put your HijackThis in its own folder, (I create a new folder in C:\ named HJT). You can do a Right Click on any open area on the desktop, New> Folder, then rename the folder HJT. Go to where your HijackThis is and Right Click on HijackThis.exe, select Cut, then open the new folder you just created (HJT) Right Click in the folder and select paste. The reason we do this is Hijackthis creates backup files just in case you'd need to restore one and we'll be cleaning out the temp files.

    After the above:
    Please do not delete anything unless instructed to.

    Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.ebay.com/ws/eBayISAPI.dll?MyeBay...se*kids*clothes
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lavasoftnews.com/ms/display_main.php?tac=Alexa
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - Startup: PowerReg Scheduler V3.exe

    Close ALL windows and browsers except HijackThis and click "Fix checked"

    Delete these Files if listed:
    C:\WINDOWS\ALCXMNTR.EXE

    Open C:\Windows\Prefetch\
    Delete ALL files in this folder.

    Please download ATF Cleaner by Atribune.
    Download - ATF Cleaner»
    This program is for XP and Windows 2000 only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

    Reboot and "copy/paste" a new HijackThis log file into this thread. Also please describe how your computer behaves at the moment.
  13. LDTate

    hjt help!

    Let's try this then.

    Please download the trial version of ewido anti-malware 3.5 here: http://www.ewido.net/en/download/
    Install it, and update the definitions to the newest files. Do NOT run a scan yet.

    Next, please reboot your computer in Safe Mode by doing the following:
    1) Restart your computer
    2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3) Instead of Windows loading as normal, a menu should appear
    4) Select the first option, to run Windows in Safe Mode.

    Then please run Ewido, click on the Scanner run a full scan and let it clean everything it finds. Save the logfile from the scan.

    Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
  14. LDTate

    [Solved] Winfixer

    Were you visiting a certain web site when it popped up? What exactly does it say when the winfixer pops up?
  15. Hello angie276, welcome to the Forum.

    Download VundoFix.exe to your desktop.
    Double-click VundoFix.exe to run it.
    Click the Scan for Vundo button.
    Once it's done scanning, click the Remove Vundo button.
    You will receive a prompt asking if you want to remove the files, click YES.
    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will shutdown your computer, click OK.
    Turn your computer back on.

    Please download the trial version of ewido anti-malware 3.5 here: http://www.ewido.net/en/download/
    Install it, and update the definitions to the newest files. Do NOT run a scan yet.

    Next, please reboot your computer in Safe Mode by doing the following:
    1) Restart your computer
    2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3) Instead of Windows loading as normal, a menu should appear
    4) Select the first option, to run Windows in Safe Mode.

    Then please run Ewido, click on the Scanner run a full scan and let it clean everything it finds. Save the logfile from the scan.

    While still in Safe Mode:
    Open C:\Windows\Prefetch\
    Delete ALL files in this folder.

    Do this also if these Temp Folders are part of your OS.
    Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
    Next navigate to the C:\Documents and Settings\(EVERY LISTED PROFILE USER)\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply

    Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.