| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 64674 | 2005-12-23 01:05:00 | W32.Sinnaka.A@mm or Spy Trooper | cookiemonster (9463) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 415026 | 2005-12-23 01:05:00 | Attention! Your system is under control of remote computer with IP address 227 . 4 . 167 . 118 . The remote computer has access to the following folders on your PC: - \WINDOWS\System32 - \Program Files\Internet Explorer - \My Documents - Drive C:\ files Click here to download official anti-spyware software Your private info is collected by W32 . Sinnaka . A@mm O/S:XP Windows Home, IE SP2 Above is my laptop,I'm posting this from my main computer . (Main has Router 4 way port,able to run 4 compuers from it)Router is Dynalink RTA300 ADSL Router . laptop is setup to use internet in Australia,via an mobil broadband device but has > inside network connection: Wireless network connection not connected,firewalled 802 . 11 b/g wireless adapter 1394 connection connected,firewalled 1394 net adapter Local area network(LAN) network cable unplugged,firewalled Realtek RTL 8139 family PCI fast ethernet NIC no idea on how any of these work,cant seem to find any help/read me files ethier The above 3 are on my laptop . Also have or think I've set system restore date to the first day I got it,April 05 approx also think I set it to 5% Also have deleted all antivirus software was(Norton 2003 upto date with latest virus,trojan update) also d/loaded WinAntiVirus 2005(latest version upto date with latest virus,trojan update)deleted as didnt not cure problem more fustration than anythink else . The laptop has cd-r(The only way to transerfer any think,If possible or allowed :help: anyone thats read my post on router/internet help and wonder why the heck i'm after an internet connection to my laptop with the virus,well i'm at wits end to solve this,I'm thinking I've muck it up by deleting norton/winantivirus 2006 but they never got rid of it . . . . . . . . . I thought if I managed to get on with the laptop,I could send my log file for the guru's to examine . . . . but if I did,would the virus jump from laptop to the other computers using the same router? c:help::waughh:kiem:annoyed:ster P . S . Help!!!! |
cookiemonster (9463) | ||
| 415027 | 2005-12-23 01:35:00 | follow the info posted here www.geekstogo.com |
bartsdadhomer (80) | ||
| 415028 | 2005-12-23 06:06:00 | As you will be working in safe mode its best if you print these instruction . Work throught the instructions in the order set out . Download all required program fixes first Download smitRem . exe ( . geekstogo . com/click%20counter/click . php?id=1" target="_blank">noahdfear . geekstogo . com) and save the file to your desktop . Double click on the file to extract it to it's own folder on the desktop . Next, please reboot your computer in SafeMode by doing the following: Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, press F8 . Instead of Windows loading as normal, a menu should appear Select the first option, to run Windows in Safe Mode . Open the smitRem folder, then double click the RunThis . bat file to start the tool . Follow the prompts on screen . Wait for the tool to complete and disk cleanup to finish . ================================================== Download the trial version of Ewido Security Suite ( . ewido . net/en/download/" target="_blank">www . ewido . net) When installing, under "Additional Options" uncheck "Install Background Guard" and "Install scan via context menu" . Launch Ewido Security Suite (there should be an icon on your desktop doubleclick it) . The program will now go to the main screen . You will need to update ewido to the latest definition files . On the left hand side of the main screen click update and then click on Start Update . The update will start and a progress bar will show the updates being installed . If you have problems with the updater, you can use this link to manually update ewido . . ewido . net/en/download/updates/ . " target="_blank">www . ewido . net Do not run a scan yet . When you have done this, boot into Safe Mode (restart your PC and keep tapping F8 while it restarts) . Run Ewido Security Suite now . Click on Scanner and click Complete System Scan and the scan will begin . During the scan it will prompt you to clean files, click OK . When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK . When the scan is finished, click the Save report button at the bottom of the screen . Save the report to your desktop and close Ewido Security Suite ==================================== Please download HijackThis ( . cyberanswers . org/forum/uploads/HijackThis1991 . exe" target="_blank">www . cyberanswers . org) . It will create a directory folder for you in C\Program files . Run a scan and save the log file . Post the whole log file here . Do not fix anything since most of them listed there are harmless (some are system required) . This program will help determine what,if any, spyware/malware is on your computer . |
Pancake (6359) | ||
| 415029 | 2005-12-23 09:37:00 | I just got done with your suggestion Pancake,the only thing is my laptop isnt configured to NZ internet,so was unable to do any suggestions for laptop but,I just did my main computer and this is the log file from Ewido: --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 10:20:13 p.m., 23/12/2005 + Report-Checksum: 5B61CA28 + Scan result: :mozilla.12:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup :mozilla.13:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup :mozilla.14:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.15:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.16:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.17:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.18:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.19:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.20:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.21:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.22:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.23:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.24:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.25:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.26:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.27:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.50:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup :mozilla.53:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup :mozilla.54:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup :mozilla.59:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.60:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.61:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.62:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.63:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.66:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup :mozilla.67:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup :mozilla.95:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.96:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.97:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.98:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.99:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.123:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.124:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup :mozilla.126:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.127:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.128:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.129:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.130:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.131:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.134:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup :mozilla.135:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup :mozilla.150:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup :mozilla.151:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup :mozilla.158:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup :mozilla.159:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup :mozilla.180:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.181:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.182:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.183:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.184:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.185:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.186:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.201:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup :mozilla.202:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup :mozilla.203:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup :mozilla.204:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup :mozilla.245:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Hotlog : Cleaned with backup :mozilla.268:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup :mozilla.309:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.319:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.341:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.367:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.368:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup :mozilla.369:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup :mozilla.375:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup :mozilla.385:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup :mozilla.386:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup :mozilla.389:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup :mozilla.403:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup :mozilla.424:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.425:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.426:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.427:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.428:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.456:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup :mozilla.459:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.460:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.461:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.462:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.463:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.464:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.465:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.466:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.467:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.468:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.469:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.491:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup :mozilla.492:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup :mozilla.493:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup :mozilla.494:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.495:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.496:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.497:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.498:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.499:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.500:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup :mozilla.564:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup :mozilla.565:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup :mozilla.566:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup :mozilla.567:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup :mozilla.580:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.581:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.582:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.583:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.584:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.585:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.586:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.587:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.588:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.589:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.590:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.621:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Comclick : Cleaned with backup :mozilla.622:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Comclick : Cleaned with backup :mozilla.623:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Comclick : Cleaned with backup :mozilla.643:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup :mozilla.661:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup :mozilla.662:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup :mozilla.680:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup :mozilla.681:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup :mozilla.682:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup :mozilla.683:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup :mozilla.684:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup :mozilla.744:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.745:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.746:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.747:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.748:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.749:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.750:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.751:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.752:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.753:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.754:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.755:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.756:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.757:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.758:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.759:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.760:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.761:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.762:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.763:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.806:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup :mozilla.807:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup :mozilla.808:C:\Documents and Settings\oem\Application Data\Mozilla\Firefox\Profiles\qwhqfmrz.Default User\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup C:\Documents and Settings\oem\Local Settings\Application Data\Wildtangent\Cdacache\00\00\12.dat/files\wtvh.dll -> Spyware.WildTangent : Error during cleaning :mozilla.9:C:\RECYCLER\NPROTECT\00115670.MOZ -> Spyware.Cookie.Overture : Cleaned with backup ::Report End heres the hijack this log as well:(done last,as suggested) Logfile of HijackThis v1.99.1 Scan saved at 10:20:56 p.m., on 23/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\HijackThis 1.99.1\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.ht m R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.ht m R3 - Default URLSearchHook is missing F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,_huytam_ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! \Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb1 2.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [NvUpdater] nwiz32.exe O4 - HKCU\..\Run: [CTUpdate] ctupdclt.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ Yahoo! Pager] "C:\Program Files\ Yahoo! \Messenger\ypager.exe" -quiet O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart O4 - HKCU\..\RunServices: [NvUpdater] nwiz32.exe O4 - HKCU\..\RunServices: [CTUpdate] ctupdclt.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: & Yahoo! Search - file:///C:\Program Files\ Yahoo! \Common/ycsrch.htm O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\ Yahoo! \Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\ Yahoo! \Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\ Yahoo! \Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\ Yahoo! \Common\yiesrvc.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone O16 - DPF: JT's Blocks - download.games.yahoo.com O16 - DPF: {00000000-0000-0000-0000-000020040000} - 207.234.185.217 O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - messenger.zone.msn.com O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - zone.msn.com O16 - DPF: {093500E9-F79F-4C52-A9B5-D8C7E4B3023E} (ParallelGraphics Installer Class) - www.outline3d.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - go.microsoft.com O16 - DPF: {18871EA7-1B30-46DE-9283-E96E707492BA} (Playcom_ATL_Object Class) - leela.vide.se O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - messenger.zone.msn.com O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\ Yahoo! \Common\yinsthelper.dll O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - www.fileplanet.com O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - zone.msn.com O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - zone.msn.com O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - zone.msn.com O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - by22fd.bay22.hotmail.msn.com O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - zone.msn.com O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - secure2.comned.com O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - zone.msn.com O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - messenger.msn.com O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - zone.msn.com O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - www.windowsecurity.com O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - zone.msn.com O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - fdl.msn.com O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - chat.msn.com O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - messenger.zone.msn.com O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: GlobalSCAPE Secure FTP Server - Unknown owner - C:\Program Files\GlobalSCAPE\Secure FTP Server 1.0\cftpstes.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe c:cool::Dkiem:badpc:nster P.S. hope the above log files are done correctly :confused: |
cookiemonster (9463) | ||
| 415030 | 2005-12-23 10:22:00 | Hi and Welcome It may help to print out or copy this page as you will be working in Safe Mode . . Make sure to work through the fixes in the exact order its listed . . SHOW HIDDEN FILES AND FOLDERS . To show hidden files instructions (WinXP) Doubleclick My Computer | Tools | Folder Options | View tab Select Show Hidden Files and Folders Uncheck Hide extensions for known file types Uncheck Hide protected operating system files (Recommended) Select Apply to All Folders | Yes | Apply | OK ------------------------------------------------------------------ Files highlighted in BLACK will need to be removed from your hard drive . Folders that have been highlighted RED will need to be uninstalled . ------------------------------------------------------------------ Please start by going into SAFE MODE . During reboot, tap the F8 key . Select Safe Mode and then run "Hijack This" ------------------------------------------------------------------ Uninstall the following programs (if they still exist) Go into HijackThis->Config->Misc . Tools->Open Uninstall manager Error Nuker ----------------------------------------------------------------- Go into HijackThis->Config->Misc . Tools->Open process manager . Select the following exe file and click End Process for each one if they are listed . nwiz32 . exe ctupdclt . exe ------------------------------------------------------------------ Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes . Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT . R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank . ht m R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank . ht m R3 - Default URLSearchHook is missing O4 - HKLM\ . . \Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker . exe autostart O4 - HKCU\ . . \Run: [NvUpdater] nwiz32 . exe O4 - HKCU\ . . \Run: [CTUpdate] ctupdclt . exe O4 - HKCU\ . . \RunServices: [NvUpdater] nwiz32 . exe O4 - HKCU\ . . \RunServices: [CTUpdate] ctupdclt . exe O16 - DPF: {00000000-0000-0000-0000-000020040000} - . 234 . 185 . 217/ABoxInst_int12 . exe" target="_blank">207 . 234 . 185 . 217 ------------------------------------------------------------------ Open Windows Explorer and delete the following highlighted file/s Also delete the following red folder/s C:\WINDOWS\system32\userinit . exe,_huytam_ C:\Program Files\Error Nuker C:\WINDOWS\system32\ nwiz32 . exe C:\WINDOWS\system32\ctupdclt . exe ------------------------------------------------------------------- When finished please post a new log . . . . . . |
Pancake (6359) | ||
| 415031 | 2005-12-23 20:35:00 | Hi and Welcome It may help to print out or copy this page as you will be working in Safe Mode . . Make sure to work through the fixes in the exact order its listed . . SHOW HIDDEN FILES AND FOLDERS . To show hidden files instructions (WinXP) Doubleclick My Computer | Tools | Folder Options | View tab Select Show Hidden Files and Folders Uncheck Hide extensions for known file types Uncheck Hide protected operating system files (Recommended) Select Apply to All Folders | Yes | Apply | OK ------------------------------------------------------------------ Files highlighted in BLACK will need to be removed from your hard drive . Folders that have been highlighted RED will need to be uninstalled . ------------------------------------------------------------------ Please start by going into SAFE MODE . During reboot, tap the F8 key . Select Safe Mode and then run "Hijack This" ------------------------------------------------------------------ Uninstall the following programs (if they still exist) Go into HijackThis->Config->Misc . Tools->Open Uninstall manager Error Nuker ----------------------------------------------------------------- Go into HijackThis->Config->Misc . Tools->Open process manager . Select the following exe file and click End Process for each one if they are listed . nwiz32 . exe ctupdclt . exe ------------------------------------------------------------------ Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes . Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT . R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank . ht m R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank . ht m R3 - Default URLSearchHook is missing O4 - HKLM\ . . \Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker . exe autostart O4 - HKCU\ . . \Run: [NvUpdater] nwiz32 . exe O4 - HKCU\ . . \Run: [CTUpdate] ctupdclt . exe O4 - HKCU\ . . \RunServices: [NvUpdater] nwiz32 . exe O4 - HKCU\ . . \RunServices: [CTUpdate] ctupdclt . exe O16 - DPF: {00000000-0000-0000-0000-000020040000} - . 234 . 185 . 217/ABoxInst_int12 . exe" target="_blank">207 . 234 . 185 . 217 ------------------------------------------------------------------ Open Windows Explorer and delete the following highlighted file/s Also delete the following red folder/s C:\WINDOWS\system32\userinit . exe,_huytam_ Found but didn't have _huytam_ at the end C:\Program Files\Error Nuker not found C:\WINDOWS\system32\ nwiz32 . exe not found C:\WINDOWS\system32\ctupdclt . exe not found ------------------------------------------------------------------- When finished please post a new log . . . . . . Pancake Forgot to mention that when login to main computer it was passworded to login now cant login on main ever time I type password in/press enter it loads for about 1-2 sec's then logs back to password as login off . *So I'm unable to post the hijack log file* See also buttom in red colour ,alsoprinter keeps printing out this whole topic = 5 pages . *Posted this from the family computer :blush: * c:horrified:confused:kiem:dogeye:nster |
cookiemonster (9463) | ||
| 415032 | 2005-12-23 23:45:00 | As long as you did'nt remove this one its ok C:\WINDOWS\system32\userinit.exe ? Can you start the other machine in safe mode,do a scan and put it on a floopy and send it from the good machine.I really need to see the log before I can continue. |
Pancake (6359) | ||
| 415033 | 2005-12-24 00:22:00 | :horrified :eek: I assumed C:\WINDOWS\system32\userinit.exe,_huytam_ was C:\WINDOWS\system32\userinit.exe so deleted it. c:( :( kiem:horrified ster |
cookiemonster (9463) | ||
| 415034 | 2005-12-24 00:39:00 | I just sent you a PM.My fault I should have detailed it better.You can get the file from HJT backup. | Pancake (6359) | ||
| 415035 | 2005-12-24 00:53:00 | Cant get in using safe mode ethier: Admin or (OEM(which requires pasword,but still loads,then unloads back to login) :confused: c:2cents::2cents:kiem:confused:nster |
cookiemonster (9463) | ||
| 1 2 3 4 5 6 7 8 | |||||