
Trogan

Trusted Malware Techs
  • Content Count

    156

Everything posted by Trogan

  1. Since there has been no reply, I assume the problem is resolved. Thread closed!
  2. Hi viwi Just a check in. Is the problem solved? Can I mark this resolved?
  3. Hi viwi That file does not belong to Internet Explorer. It looks like some piece of malware. Glad to hear IE is back to normal. Please give me an update in a few days, where hopefully things remain the same.
  4. Hi viwi Can you do what I suggested in my previous post please. Thanks!
  5. Hi viwi Can you delete xpsp2res.dll from the C:\Program Files\Internet Explorer folder. Reboot the computer and let me know if that improves things.
  6. Hi viwi Sorry for the delay. I'll get back to you soon; just a little busy at the moment.
  7. Hi viwi From my last post I still don't see AVG anti-virus. Please reinstall it unless you had problems with it? Let me know. The StartupList log is clean, too. Locate xpsp2res.dll in C:\Program Files\Internet Explorer. Right-click on the file and select Properties. Go to the Version tab and tell me what info is present, especially the Company.
  8. Hi viwi. I hope you are feeling better. Your current log is not showing AVG anti-virus like your first log did. I assume you have removed that thinking AVG anti-spyware is the same thing? They are not. AVG anti-virus and AVG anti-spyware are totally different. AVG anti-spyware is not an anti-virus program. I strongly advise that you reinstall AVG anti-virus. Safe Mode is generally like that. Everything is large. I don't know of any way to minimise the settings, unfortunately. Can I get you to do a few things please.
    1. Let me know if xpsp2res.dll exists in this folder: C:\Program Files\Internet Explorer\
    2. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Updating Java: Download the latest version of Java Runtime Environment (JRE) 6. Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications". Click the "Download" button to the right. Check the box that says: "Accept License Agreement". The page will refresh. Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version. Reboot your computer once all Java components are removed. Then from your desktop double-click on the download to install the newest version.
    3. I would like to see another log from HijackThis. Run HijackThis. Click on Open the Misc Tools section. Check the two white boxes next to Generate StartupList log. Now, click on Generate StartupList log. Press YES at the confirmation box. Copy and paste the entire contents of Notepad here.
  9. Hi Viwi! I'm not seeing anything in those logs; however, let's run a few more scans to see what they determine. Please do the following...
    1. I see you already have AVG anti-spyware. I want to run a new scan with it, even if nothing is found. Please configure as follows... Open AVG anti-spyware 7.5. On the main screen under Your Computer's security: Click on Change state next to Resident shield. It should now change to inactive. Click on Change state next to Automatic updates. It should now change to inactive. Next to Last Update, click on Update now. (You will need an active internet connection to perform this.) Wait until you see the Update successful message. Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows. Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes. If you are having problems with the updater, you can use this link to manually update ewido: AVG Anti-Spyware manual updates. Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
    2. Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. This program is for XP and Windows 2000 only! Double-click ATF Cleaner.exe to open it. Under Main select the following: Windows Temp, Current User Temp, All Users Temp, Temporary Internet Files, Prefetch, Java Cache. *The other boxes are optional* Then click the Empty Selected button. Click Exit on the Main menu to close the program.
    3. Reboot your computer in Safe Mode. If the computer is running, shut down Windows, and then turn off the power. Wait 30 seconds, and then turn the computer on. Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again. Ensure that the Safe Mode option is selected. Press Enter. The computer then begins to start in Safe mode. Login on your usual account.
    4. Once in Safe Mode: Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan. Click on Scanner on the toolbar. Click on the Settings tab. Under How to act? Click on Recommended Action and choose Quarantine from the popup menu. Under How to scan? All checkboxes should be ticked. Under Possibly unwanted software: All checkboxes should be ticked. Under Reports: Select Automatically generate report after every scan and uncheck Only if threats were found. Under What to scan? Select Scan every file. Click on the Scan tab. Click on Complete System Scan to start the scan process. Let the program scan the machine. When the scan has finished, follow the instructions below. IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button. Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2) At the bottom of the window click on the Apply all Actions button. (3) When done, click the Save Scan Report button. (4) Click the Save Report as button. Save the report to your Desktop. Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes. Reboot back into Normal Mode.
    5. Download this file - combofix.exe. Double click combofix.exe & follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply. Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    6. Please post the following... 1) AVG anti-spyware log 2) ComboFix log 3) New HijackThis log
  10. Hi Viwi There is nothing bad showing in your HijackThis log. Let's do a few scans and see what they reveal.
    1. Open HijackThis - Click the Do a system scan only button - Check the following entries (below). Unless you added these to your Trusted Zone, have HijackThis fix them.
        O15 - Trusted Zone: http://www.dynamicwealthsystems.com
        O15 - Trusted Zone: http://www.ebooks-made-easy.com
        O15 - Trusted Zone: http://www.free-ebooks.net
        O15 - Trusted Zone: http://www.google.ca
        O15 - Trusted Zone: http://www.jagmarketingsystem.com
        O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
        O15 - Trusted Zone: www.millionairemind.com
        O15 - Trusted Zone: http://www.pcpitstop.com
        O15 - Trusted Zone: http://www.profitmastersteam.com
        O15 - Trusted Zone: http://www.ryze.com
        O15 - Trusted Zone: http://www.startupinternetmarketing.com
        O15 - Trusted Zone: http://ginnyw.veretekk.com
        O15 - Trusted Zone: http://*.veretekk.com
        O15 - Trusted Zone: http://www.whoisginnywilson.com
        O15 - Trusted Zone: http://*.whoisginnywilson.com
        O15 - Trusted Zone: http://*.windowsupdate.com
       - Close ALL open windows (especially Internet Explorer!) - Click Fix Checked. Close HijackThis.
    2. Please do an online scan with Kaspersky WebScanner. Click on Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky; click Yes. The program will launch and then begin downloading the latest definition files. Once the files have been downloaded click on NEXT. Now click on Scan Settings. In the scan settings make sure that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard). Scan Options: Scan Archives, Scan Mail Bases. Click OK. Now under select a target to scan: Select My Computer. The program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button. Save the file to your desktop.
    3. I need to see another log from HijackThis. Run HijackThis. Click on Open the Misc Tools section. Next click on Open uninstall manager. Press the Save list button. Save the file to your desktop, with the default name of uninstall_list. Copy & Paste the entire contents of that file in your next post.
    4. Please post the following... 1) Kaspersky report 2) Uninstall list 3) New HijackThis log
  11. Glad I could help! I'll mark this resolved.
  12. Hi Phil You're very welcome. We're almost at the end... Quicktime is still showing in the log. Try removing it once more and let me know if it goes. Remove this orphaned entry too.
        O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

    Here are some tips for a clean and secure computer.

    For XP users. It's a good idea to Flush your System Restore points after ridding yourself of malware. You can clean this by doing the following: Click Start | Help and Support | Undo changes to your computer with System Restore. Click Create A Restore Point then click Next. Give it a name and then click Create, then Close. Close the Help and Support Center box. Click Start | Run and type Cleanmgr. Select (C:) then click OK. Click the More Options tab. Click Clean Up in the System Restore Section. This will remove all previous restore points except the newly created one.

    Make your Internet Explorer more secure. From within Internet Explorer click on the Tools menu and then click on Options. Click on the Security tab. Click the Internet icon so it becomes highlighted. Click on Default Level and click OK. Click on the Custom Level button.
        Change the Download signed ActiveX controls to Prompt
        Change the Download unsigned ActiveX controls to Disable
        Change the Initialise and script ActiveX controls not marked as safe to Disable
        Change the Installation of desktop items to Prompt
        Change the Launching programs and files in an IFRAME to Prompt
        Change the Navigate sub-frames across different domains to Prompt
    Internet Explorer 7 users: Check all other items and make sure that they meet the (recommended) setting where it applies. When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button. Next press the Apply button and then the OK to exit the Internet Properties page.
    Take the time to check out the following links:
        Introduction to Internet Explorer 7 http://www.microsoft.com/windows/ie/default.mspx
        Internet Explorer 7 features http://www.microsoft.com/windows/ie/ie7/ab...es/default.mspx
        Release Notes for Internet Explorer 7 http://msdn2.microsoft.com/en-us/ie/aa740486.aspx These Release Notes give you information about installing Internet Explorer® 7 and contain information about known issues and possible workarounds for those issues.
        Internet Explorer 7 Ressources - In Depth Articles - Known Issues ... http://www.ie-vista.com/
        Internet Explorer7 - Phishing Filter Frequently Asked Questions http://www.microsoft.com/mscorp/safety/tec...ishing/faq.mspx
        Resources for using Internet Explorer 6 http://support.microsoft.com/?kbid=867470
        How to Configure Enhanced Security Features for Internet Explorer from Windows XP SP2 http://www.microsoft.com/technet/security/...xp/iesecxp.mspx
        Safety Home http://www.microsoft.com/mscorp/safety/default.mspx
        IEBlog http://blogs.msdn.com/ie/default.aspx
        Microsoft Malicious Software Removal Tool http://www.microsoft.com/security/malwarer...e/families.mspx

    Keep your Sun Java up to date. The most current version of Sun Java is: Java Runtime Environment Version 6.0 http://java.sun.com/javase/downloads/index.jsp Scroll down to where it says "Java Runtime Environment (JRE) 6". Click the "Download" button to the right. Check the box that says: "Accept License Agreement". The page will refresh. Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
    Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version. And in the future, remember to remove older versions of Java when you update to a newer version to avoid exploitation of older versions left on your system. Check out these topics for more information: http://spywarewarrior.com/viewtopic.php?t=17910 http://spywarewarrior.com/viewtopic.php?t=17598

    Free programs that may help you in keeping the PC clean

    SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. You can download SpywareBlaster here. A tutorial can be found here.

    SpywareGuard
    It provides a degree of real-time protection against spyware that is a great addition to SpywareBlaster's protection method. An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware. And you can easily have an anti-virus program running alongside SpywareGuard. It also features Download Protection and Browser Hijacking Protection. You can download SpywareGuard here. A tutorial can be found here.

    IE-SPYAD
    IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. It basically prevents any downloads, cookies, scripts from the sites listed, although you will still be able to connect to the sites. You can download IE-SPYAD here. A tutorial can be found here.

    Hosts File
    A Hosts file replaces your current HOSTS file with one containing well known ad, spyware sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
    A tutorial can be found here.

    MVPS Hosts File
    You can download the MVPS Hosts File here. Furthermore the website contains useful tips and links to other resources and utilities.

    Bluetack's Hosts File and Hosts Manager
    Essentially based on the research made by Webhelper, Andrew Clover and Eric L. Howes, it contains most if not all the known spyware sites...sites responsible for hijacks, rogue applications etc... Download Bluetack's Hosts file here. Download Bluetack's HostsManager here.

    Free Spyware Detection and Removal Programs

    Ad-Aware
    It scans for known spyware on your computer. These scans should be run at least once every two weeks. You can download Ad-Aware here. A tutorial can be found here.

    Spybot - Search & Destroy
    It scans for spyware and other malicious programs. Spybot has preventive tools that stop programs from even installing on your computer. You can download Spybot - S&D here. A tutorial can be found here.

    Before adding any other Spyware Detection and Removal programs always check the Rogue Anti-Spyware List for programs known to be misleading, mistaken, or just outright "Foistware". You will find the list here.

    WinPatrol
    WinPatrol uses a heuristic approach to detecting attacks and violations of your computing environment. Traditional security programs scan your hard drive searching for previously identified threats. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. You'll be removing dangerous new programs while others download new reference files.
        Detect & Neutralize Spyware.
        Detect & Neutralize ADware.
        Detect & Neutralize Viral infections.
        Detect & Neutralize Unwanted IE Add-Ons.
        Detect & Restore File Type Changes.
        Automatically Filter Unwanted Cookies.
        Avoid Start Page Hijacking.
        Detect changes to HOSTS & critical system files.
        Kill Multiple Tasks that replicate each other, in a single step!
        Stop programs that repeatedly add themselves to your Startup List!
    Starting with WinPatrol 9.5 PLUS users also get the addition of Real-time Infiltration Detection so they'll know immediately when changes are made to critical system areas. WinPatrol Free is not demo or trial software. You're welcome to use it as long as you like. You can download WinPatrol here. WinPatrol FAQ

    SiteHound by Firetrust
    Firetrust introduces the SiteHound Toolbar - the safe way to browse the Internet. With SiteHound, when you browse the Internet, you're shown a warning page every time you go to a site which is a known scam, potentially loads viruses or spyware on to your computer, has questionable content or anything you would not consider reasonable. You are shown a warning page with information about that site. From there you can choose to enter the site or go back. SiteHound is a free add-on to Internet Explorer. (Users of Firefox - a version for you is coming soon.) SiteHound's comprehensive database gathers the knowledge from other users and respected experts from the online security community to tell you which sites are real and which are bogus. SiteHound will alert you when you enter a site which is known to contain:
        Fraudulent claims or scams
        Offensive material
        Security vulnerabilities
        Spyware or Adware
        Spam related material or other content deemed to be unsafe
    Specifically, SiteHound blocks these categories:
        o Adult
        o Spyware
        o Spam Advertising
        o Phishing
        o Possible scam or fraud
        o Misleading or False Advertising
        o Pharming
        o Rogue or Suspect Product
        o Adware
        o Malware or Virus
    System Requirements: Internet Explorer 5.5+ and Windows 95/98/NT 4/ME/2000/XP. Product Info & Download: SiteHound Toolbar

    Use an AntiVirus Software
    It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See the link below for a listing of some online & their stand-alone antivirus programs.
Computer Safety On line - Anti-Virus http://forum.malwareremoval.com/viewtopic.php?p=53#53 Update your Anti Virus Software It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out. Use a Firewall I can not stress enough how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below. Computer Safety On line - Software Firewalls http://forum.malwareremoval.com/viewtopic.php?p=56#56 A tutorial on Understanding and Using Firewalls can be found here
  13. Hi Phil Yep, you can remove it. Delete the folder also. The things we have done should not have caused that. I'm sure it will go away soon. This line shows the Java file is missing. You might want to reinstall Java again.
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (file missing)
    Apart from that, your log is clean. Let me know how things are. You can delete the Tools we downloaded.
  14. Hi Phil! No, that's fine. Thanks for letting me know. Just a little left to do...
    1. Backup Your Registry with ERUNT. Please use the following link and scroll down to ERUNT and download it. http://aumha.org/freeware/freeware.php For version with the Installer: Use the setup program to install ERUNT on your computer. For the zipped version: Unzip all the files into a folder of your choice. Click Erunt.exe to backup your registry to the folder of your choice. Note: to restore your registry, go to the folder and start ERDNT.exe
    2. Open Notepad! Copy and Paste everything from the Quote box into Notepad: Go to File > Save As. Save File name as Fix.reg. Change Save as Type to All Files and save the file to your desktop. Close Notepad, and double-click Fix.reg on your Desktop. When it asks if you want to merge the info to the registry, hit YES/OK.
    3. Reboot the computer and post a new HijackThis log. Let me know how things are too.
  15. Hi Phil! There is still some cleaning left to do as the ComboFix log shows some other infections, unfortunately. It may not exist. No need to worry about it. Please do the following...
    1. Download RustBFix from one of the following locations... http://www.uploads.ejvindh.net/rustbfix.exe http://uploads.ejvindh.andymanchesta.com/Rustbfix.exe ...and save it to your desktop. Double click on rustbfix.exe to run the tool. If a Rustock.b-infection is found, you will shortly hereafter be asked to reboot the computer. The reboot will probably take quite a while, and perhaps 2 reboots will be needed. But this will happen automatically. After the reboot 2 logfiles will open (%root%\avenger.txt & %root%\rustbfix\pelog.txt). Post the content of these logfiles along with a new HijackThis log in your next reply.
    2. Open HijackThis - Click the Do a system scan only button - Check the following entries (below)
        O4 - HKLM\..\Run: [regsrvc] C:\Program Files\Retina-X Studios\AceSpy\systune -min
        O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
        O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} (Java Plug-in 1.4.2_01) -
       - Close ALL open windows (especially Internet Explorer!) - Click Fix Checked. Close HijackThis.
    3. Find and delete the following Folders and Files in RED...
        C:\Program Files\icuii
        C:\Program Files\izarc
        C:\Program Files\wr
        C:\Program Files\fish
        C:\Program Files\wssr.zip
        C:\Program Files\ieimage.zip
        C:\WINDOWS\iun6002.exe
       Remove these, unless you know what they are:
        C:\Program Files\MediaMonkey
        C:\Program Files\media monkey
        C:\Program Files\NewzToolz
    4. Reboot the computer and rescan with ComboFix. It will create a new log.
    5. Please post the following... 1) RustBFix logs 2) New ComboFix log 3) New HijackThis log
  16. Hi Phil! In that case, it looks like it was installed without your intention. Let's remove it. Please do the following...
    1. Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. This program is for XP and Windows 2000 only! Double-click ATF Cleaner.exe to open it. Under Main select the following: Windows Temp, Current User Temp, All Users Temp, Temporary Internet Files, Prefetch, Java Cache. *The other boxes are optional* Then click the Empty Selected button. Exit on the Main menu to close the program.
    2. Open HijackThis - Click the Do a system scan only button - Check the following entries (below)
        O4 - HKLM\..\Run: [regsrvc] C:\Program Files\Retina-X Studios\AceSpy\systune -min
       - Close ALL open windows (especially Internet Explorer!) - Click Fix Checked. Close HijackThis.
    3. Find and delete the following Folders in RED:
        C:\Program Files\Retina-X Studios
        C:\Program Files\bs
    4. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version... Updating Java: Download the latest version of Java Runtime Environment (JRE) 6. Click the "Download" button to the right. Check the box that says: "Accept License Agreement." The page will refresh. Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel, double-click on Add/Remove programs and remove the following... Java 2 Runtime Environment, SE v1.4.2_01. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
    5. Download this file to your Desktop - combofix.exe. Double click combofix.exe & follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply. Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    6. Please post the ComboFix log, along with a new HijackThis log.
  17. Hi Phil! I'm from West London...Acton. Heard of it? You posted the correct log and are doing everything correctly, thanks. It looks like the infection has gone as it is not showing in your HijackThis log. Let's run another scan...
    1. Open HijackThis - Click the Do a system scan only button - Check the following entries (below)
        O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
        O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
        O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
        O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll (file missing)
       - Close ALL open windows (especially Internet Explorer!) - Click Fix Checked. Close HijackThis.
    2. Please do an online scan with Kaspersky WebScanner. Click on Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky; click Yes. The program will launch and then begin downloading the latest definition files. Once the files have been downloaded click on NEXT. Now click on Scan Settings. In the scan settings make sure that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard). Scan Options: Scan Archives, Scan Mail Bases. Click OK. Now under select a target to scan: Select My Computer. The program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button. Save the file to your desktop.
    3. I need to see another log from HijackThis. Run HijackThis. Click on Open the Misc Tools section. Next click on Open uninstall manager. Press the Save list button. Save the file to your desktop, with the default name of uninstall_list. Copy & Paste the entire contents of that file in your next post.
    4. Please post the following... 1) Kaspersky log 2) Uninstall list 3) New HijackThis log

    Some questions: Do you know what this program is?
        O4 - HKLM\..\Run: [regsrvc] C:\Program Files\Retina-X Studios\AceSpy\systune -min
    Do you have a Firewall? How is the computer running at present?
  18. Good job! Two things I'd like you to do please. First: The latest HijackThis log is hard to read with all those spaces. Please create a new log, but when Notepad opens uncheck Word Wrap under the Format tab. Second: Is this a new FindAWF log? It looks like the old one showing the infected files. Could you run a new scan so it can produce a new log please. Post the new HijackThis log and FindAWF log back here.
  19. Hi Phil! Apologies again for the delay. Please do the following...
    1. You may wish to Print or Save the following instructions, as the internet will not be available once in Safe Mode! Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder. http://www.ewido.net/en/download/ Install AVG Anti-Spyware by double clicking the installer. Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked. On the main screen under Your Computer's security: Click on Change state next to Resident shield. It should now change to inactive. Click on Change state next to Automatic updates. It should now change to inactive. Next to Last Update, click on Update now. (You will need an active internet connection to perform this.) Wait until you see the Update successful message. Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows. Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes. If you are having problems with the updater, you can use this link to manually update ewido: AVG Anti-Spyware manual updates. Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
    2. Download these files to your Desktop. Right-click and select Save Links As (in Firefox) or Save Target As (in IE) to download them. http://www.mvps.org/winhelp2002/DelDomains.inf http://www.mvps.org/winhelp2002/ResetProtocolDefaults.reg Don't do anything with them yet!
    3. Open Notepad! Copy and Paste everything from the Quote box into Notepad: Go to File > Save As. Save File name as "Fix.bat" (including quotes). Save the file to your Desktop. Don't do anything with this yet!
    4. Open HijackThis - Click the Do a system scan only button - Check the following entries (below)
        F3 - REG:win.ini: run=,
        O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
        O20 - AppInit_DLLs:
        O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
       - Close ALL open windows (especially Internet Explorer!) - Click Fix Checked. Close HijackThis.
    5. Reboot your computer in Safe Mode. If the computer is running, shut down Windows, and then turn off the power. Wait 30 seconds, and then turn the computer on. Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again. Ensure that the Safe Mode option is selected. Press Enter. The computer then begins to start in Safe mode. Login on your usual account.
    6. Once in Safe Mode, find and delete the following File: C:\Documents and Settings\All Users\Documents\Settings\partnership.dll <-- This file
    7. Next, locate Fix.bat on your Desktop and double-click it. A black box will open and close quickly - that is normal!
    8. Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan. Click on Scanner on the toolbar. Click on the Settings tab. Under How to act? Click on Recommended Action and choose Quarantine from the popup menu. Under How to scan? All checkboxes should be ticked. Under Possibly unwanted software: All checkboxes should be ticked. Under Reports: Select Automatically generate report after every scan and uncheck Only if threats were found. Under What to scan? Select Scan every file. Click on the Scan tab. Click on Complete System Scan to start the scan process. Let the program scan the machine. When the scan has finished, follow the instructions below. IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button. Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2) At the bottom of the window click on the Apply all Actions button. (3) When done, click the Save Scan Report button. (4) Click the Save Report as button. Save the report to your Desktop. Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes. Reboot back into Normal Mode.
    9. Locate the two files you downloaded earlier... For DelDomains.inf: Right-click on DelDomains.inf, and choose Install. You may not see any noticeable changes or prompts; this is normal. You will have to re-immunize with SpywareBlaster, IE-SPYAD, and/or Spybot - Search & Destroy after doing this. For ResetProtocolDefaults.reg: Locate ResetProtocolDefaults.reg which should be on your desktop. Right-click and select: Merge. OK the prompt.
    10. Run FindAWF once more.
    11. Please post the following... 1) AVG anti-spyware log 2) FindAWF log 3) New HijackThis log
  20. Sorry for the delay. I'm just getting something checked out.
  21. Hi Phil! You have a nasty infection that infects legit files. Please do the following... Download this file to your Desktop and run it. FindAWF It will produce a log. Please post that here.
  22. Trogan

    my hjt

    It should be safe to install IE7. I have it on my computer with no problems. I know other people have it, and have not heard of any problems. Can I close this thread or is there anything else I can help with?
  23. Trogan

    my hjt

    Sorry, I couldn't help solve your problem.
  24. Trogan

    my hjt

    Hey! I still can't find something that would be causing the problem. No one replied, probably because they don't know what's causing the problem. The only thing I can suggest is to Uninstall SpySweeper, reboot your computer and try installing it again.
  25. Trogan

    my hjt

    Hi rgsmile, I could not find anything that would be causing the SpySweeper problem. This sounds like a software problem. You could ask in the User to User help forum here at the pit. I'll keep having a look around to see if I get anything.