backup virus copies
ravens1
Member
21. November 2006 @ 17:29
I ran scans with AVG Free over about 2 weeks. Once again my computer seems to be infected. I took my PC to a computer store who didn't reformat, but removed Ad-Aware and viruses.

So, now I have 33 files in my AVG virus vault. Every virus is almost exactly the same. About 32/33 are 696KB, and are random names, which all end in .dll, so random names are like sojbno.dll, uiwvbd.dll. Again, 32/33 are: Trojan Horse Generic2.IKG, also Trojan Horse PSW.Generic2.RFG. They are all backup copies. Every virus file is placed in different folders. My question is how to find the main virus file creating all these little viruses, and can I delete them because they are .dll?

ravens1
Member
22. November 2006 @ 09:39
bump

Senior Member
22. November 2006 @ 12:54
One of those (PSW.Generic2.RFG) is a password stealing trojan. I strongly recommend you change all your online account passwords, including all bank and financial accounts, from a clean computer of course.

Please post your HjT log so I can see the problem regenerating the files.

This message has been edited since posting. Last time this message was edited on 22. November 2006 @ 12:55

ravens1
Member
24. November 2006 @ 11:59
I have done HijackThis logs before and saved them, but after I run a scan and click save log, it doesn't prompt me where I want to save it to. I've checked everywhere on my HD.

Senior Member
24. November 2006 @ 12:03
It doesn't prompt you where to save because it is automatically saved when it opens. It will be in the same folder your HijackThis.exe is located.

ravens1
Member
27. November 2006 @ 11:58
I moved HijackThis to a separate folder and saved a log file but the log didn't show up. I think what is creating these viruses is: Win32/spy.VBstat.H trojan

Senior Member
27. November 2006 @ 15:09
Go here to download the trial version of AVG Anti-Spyware.

Install and open AVGAS.
Click "Update" then click "Start update".
After updating, close AVGAS.
Note: Print or copy these instructions to Notepad and save them. You will be in safe mode and can't access the internet.
Restart your computer in safe mode (press F8 upon boot, select "Safe Mode" from menu and press Enter).
Open AVGAS and click "Scanner".
Click "Complete System Scan".
When it finishes scanning, set all items to "Quarantine".
Click "Apply All Actions".
Click "Save Report" and save it to the desktop.

Post back with the AVGAS report and a HijackThis (if possible).

ravens1
Member
29. November 2006 @ 11:30
I visited this post because for some reason my icons changed. Like Adobe Reader changed into a Notepad symbol, etc.

I read your post, but I've always had trouble booting into safe mode. I properly shut off my PC, get the screen, then select Safe Mode. From there white words (names of files, folders) start scrolling on my screen. Then my PC makes a sound and restarts.

I have AVGAS but when I scan all it comes up with is tracking cookies. My AVG AV has now 44 trojans in it. I think the virus that is causing these problems is Win32/spy.VBstat.H Trojan, because I get access denied when trying to rename, delete, & quarantine.

Another problem is I'll be using Firefox and this blank popup comes up. The URL is just random letters and numbers, and all blank.

Also, since I got my PC fixed I will be using Firefox, then my start bar, icons and everything in the background disappears, but still enabling me to use Firefox. Like I'll minimize Firefox and all that's there is my background.

For a while I haven't downloaded anything, but new Trojans appear. They aren't a random name. Like Win32/spy (something)


Thanks for all your help.

This message has been edited since posting. Last time this message was edited on 29. November 2006 @ 11:32

Senior Member
29. November 2006 @ 13:52
Okay, I'd really like to see your HijackThis log.

Do a system scan and save a logfile. When Notepad opens with the log, copy/paste it immediately into your reply box. Don't worry about trying to save it.

ravens1
Member
29. November 2006 @ 15:26
I'd like to post the log file, but right after I scan, then I click save, and it saves. Where? I don't know. I've checked every folder on my HD. It doesn't open with Notepad right away so I can copy and paste.

Senior Member
29. November 2006 @ 15:36
Are you clicking "Do a system scan only" or "Do a system scan and save a logfile"?

You need to click "Do a system scan and save a log file". And then, after the scan is complete, Notepad will launch. Then copy/paste the results.


If Notepad doesn't open automatically with the log, uninstall HijackThis via Add/Remove Programs.
Re-download HijackThis.
Create a folder in C:\ named HjT
Unzip the HijackThis file there.
Then, "Do a system scan and save a log file".
Notepad should open automatically. If it does not, the log file will be located at C:\HjT\HijackThis.txt

ravens1
Member
30. November 2006 @ 11:03
My computer seems to be getting much worse. I opened Mozilla and 54 IE popups came up...

Also for HjT, all there is is scan. After the scan there is save log. That's all. My PC doesn't start in safe mode... and I think that viruses are removed in safe mode...

This message has been edited since posting. Last time this message was edited on 30. November 2006 @ 11:08

ravens1
Member
30. November 2006 @ 11:12
I downloaded a different version.


Logfile of HijackThis v1.99.1
Scan saved at 4:11:44 PM, on 11/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/frontiersidebar.jsp?p=CI
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {38E77F06-89FC-44f5-B3AB-11DDEB791947} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1140209414083
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1146943814406
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O16 - DPF: {FBAA44A9-2AF3-450D-9881-BFE7BE67D852} - http://www.geoplayer.com/downloads/GeoPlayerX.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Senior Member
30. November 2006 @ 14:38
Now I know your problems. Just needed the HjT log. :)

Download VundoFix to your desktop.

Double-click VundoFix.exe to run it.
Click "Scan for Vundo".
Once it's done scanning, click "Remove Vundo".
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Post the contents of C:\vundofix.txt along with a new HijackThis log.

This message has been edited since posting. Last time this message was edited on 30. November 2006 @ 14:39

ravens1
Member
1. December 2006 @ 10:28
Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 3:26:37 PM, on 12/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/frontiersidebar.jsp?p=CI
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {38E77F06-89FC-44f5-B3AB-11DDEB791947} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\fybdsiyd.dll
O2 - BHO: (no name) - {38E77F01-89FC-44f5-B3AB-11DDEB791947} - (no file)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {69A51048-7C28-47E0-A4AC-D37F8A17CD20} - C:\WINDOWS\awveuala.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1140209414083
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1146943814406
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O16 - DPF: {FBAA44A9-2AF3-450D-9881-BFE7BE67D852} - http://www.geoplayer.com/downloads/GeoPlayerX.cab
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: winzzc32 - winzzc32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



thanks again for your help!!! :)

This message has been edited since posting. Last time this message was edited on 1. December 2006 @ 10:40

ravens1
Member
1. December 2006 @ 11:44
http://img488.imageshack.us/img488/6428/avgavvirusbinjz8.jpg

I was wondering if I could delete these .dll files because they aren't like .exe, and if I try to delete or change them it says it could hurt my computer.

This message has been edited since posting. Last time this message was edited on 1. December 2006 @ 13:03

Senior Member
1. December 2006 @ 11:45
Go to Add/Remove Programs and uninstall:
VSAdd-in

Delete this folder:
C:\Program Files\VSAdd-in

Then, run a scan only with HijackThis, check these (if there):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/frontiersidebar.jsp?p=CI
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {38E77F06-89FC-44f5-B3AB-11DDEB791947} - (no file)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\fybdsiyd.dll
O2 - BHO: (no name) - {38E77F01-89FC-44f5-B3AB-11DDEB791947} - (no file)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {69A51048-7C28-47E0-A4AC-D37F8A17CD20} - C:\WINDOWS\awveuala.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O20 - Winlogon Notify: winzzc32 - winzzc32.dll (file missing)


Close all windows except HijackThis, then click "Fix checked".

Go here and download CCleaner.
Note: If you do not want Yahoo! Toolbar uncheck the option when installing.
Open CCleaner.
Click Options > Advanced > uncheck "Only delete files in Windows Temp folders older than 48 hours".
Close all windows.
Click Cleaner > Run Cleaner.

Exit CCleaner and restart your computer.


Then, go here to run ActiveScan.
Click "Panda ActiveScan".
Fill in the form with your information.
After downloading, click My Computer to scan.
When it finishes, click "See Report".
Click "Save report" and save it to the desktop.

Post back with the ActiveScan log and a new HijackThis log.

This message has been edited since posting. Last time this message was edited on 1. December 2006 @ 11:46
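
A first-pass triage of HijackThis log lines like the ones listed in the post above, as an added example (not part of the original thread, and not HijackThis's or the poster's own method). The three heuristics are assumptions chosen for illustration, and a flag means "review this entry", not "malicious"; the sample lines are copied from the 1 December log in this thread.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Lines copied from the 1 December 2006 HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\fybdsiyd.dll
O2 - BHO: (no name) - {69A51048-7C28-47E0-A4AC-D37F8A17CD20} - C:\WINDOWS\awveuala.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O20 - Winlogon Notify: winzzc32 - winzzc32.dll (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
"""

# "R0 - ...", "O2 - ...", "O16 - ..." : section code, separator, free-form body.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
# A DLL sitting directly in the Windows or system32 directory.
WINDIR_DLL_RE = re.compile(
    r"[A-Za-z]:\\WINDOWS\\(?:system32\\)?[^\\\s]+\.dll", re.IGNORECASE
)
URL_RE = re.compile(r"https?://\S+")


def parse_entries(log_text):
    """Return (code, body) for every registry/add-on entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def is_ip_host(url):
    """True when the URL's host is a literal IP address rather than a name."""
    host = urlparse(url).hostname
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage(code, body):
    """Return the list of reasons an entry deserves a closer look.

    Illustrative heuristics (assumptions, not an authoritative rule set):
      1. the entry points at a file that no longer exists,
      2. an unnamed browser add-on (O2/O3) loads a DLL from the Windows dir,
      3. an ActiveX download (O16) comes from a bare IP address.
    """
    reasons = []
    if body.endswith("(no file)") or "(file missing)" in body:
        reasons.append("registered target file is absent (orphaned entry)")
    if code in ("O2", "O3") and "(no name)" in body and WINDIR_DLL_RE.search(body):
        reasons.append("unnamed browser add-on DLL in the Windows directory")
    if code == "O16":
        url = URL_RE.search(body)
        if url and is_ip_host(url.group()):
            reasons.append("ActiveX component downloaded from a bare IP address")
    return reasons


def review(log_text):
    """Return (code, body, reasons) for each entry with at least one reason."""
    flagged = []
    for code, body in parse_entries(log_text):
        reasons = triage(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in review(SAMPLE_LOG):
        print(f"{code}: {body}")
        for reason in reasons:
            print(f"    - {reason}")
```

Entries such as the MyWay search bar in the list above are not caught by these three checks; recognising them needs knowledge of the specific software, which is what the human reviewer supplies.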

ravens1
Member
1. December 2006 @ 16:14
I removed VSAdd-in from Add/Remove Programs, but when I tried to remove it from Program Files it said something like: "access is denied", and that I'm running the process now and can't delete.

I stopped the ActiveScan slightly early. It didn't remove anything... but here's the log:


Incident Status Location

Adware:adware/securityerror Not disinfected c:\windows\system32\ot.ico
Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32m.sys
Potentially unwanted tool:application/myway Not disinfected c:\program files\MyWay
Potentially unwanted tool:application/zango Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{99410cde-6f16-42ce-9d49-3807f78f0287}
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\8ujywt2u.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\8ujywt2u.default\cookies.txt[.cdfreaks.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\8ujywt2u.default\cookies.txt[.club.cdfreaks.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Alex\Cookies\alex@atwola[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Eliot\Application Data\Mozilla\Firefox\Profiles\p72y4v5o.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Eliot\Application Data\Mozilla\Firefox\Profiles\p72y4v5o.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Julio\Application Data\Mozilla\Firefox\Profiles\tjjsihwz.default\cookies-1.txt[.casalemedia.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Julio\Application Data\Mozilla\Firefox\Profiles\tjjsihwz.default\cookies-1.txt[.go.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Julio\Application Data\Mozilla\Firefox\Profiles\tjjsihwz.default\cookies-1.txt[.adrevolver.com/]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Julio\Application Data\Mozilla\Firefox\Profiles\tjjsihwz.default\cookies-1.txt[.did-it.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Julio\Application Data\Mozilla\Firefox\Profiles\tjjsihwz.default\cookies-1.txt[.apmebf.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Julio\Application Data\Mozilla\Firefox\Profiles\tjjsihwz.default\cookies-1.txt[.club.cdfreaks.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Julio\Application Data\Mozilla\Firefox\Profiles\tjjsihwz.default\cookies-1.txt[.cdfreaks.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Julio\Application Data\Mozilla\Firefox\Profiles\tjjsihwz.default\cookies-1.txt[.adultfriendfinder.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Julio\Application Data\Mozilla\Firefox\Profiles\tjjsihwz.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Julio\Application Data\Mozilla\Firefox\Profiles\tjjsihwz.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Julio\Application Data\Mozilla\Firefox\Profiles\tjjsihwz.default\cookies.txt[.go.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Julio\Cookies\julio@atwola[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Julio\Cookies\julio@drivecleaner[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Julio\Cookies\julio@www.drivecleaner[1].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Julio\Local Settings\Temp\Cookies\julio@cdfreaks[2].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Julio\Local Settings\Temp\Cookies\julio@club.cdfreaks[2].txt
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\Documents and Settings\Julio\Local Settings\Temp\uopfxfvy.exe
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\120ppse8.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\120ppse8.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\120ppse8.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\120ppse8.default\cookies.txt[.go.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Mom\Cookies\mom@drivecleaner[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Mom\Cookies\mom@go[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Mom\Cookies\mom@stats.drivecleaner[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Mom\Cookies\mom@target[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Mom\Cookies\mom@winantivirus[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Mom\Cookies\mom@www.winantivirus[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Mom\Local Settings\Temp\Cookies\mom@atwola[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Mom\Local Settings\Temp\Cookies\mom@target[1].txt
Spyware:Cookie/SpywareQuake Not disinfected C:\Documents and Settings\Mom\Local Settings\Temp\Cookies\mom@www.spywarequake[1].txt
Adware:Adware/WebSearch Not disinfected C:\Hjt\backups\backup-20061201-165425-494.dll






HJT log:



Logfile of HijackThis v1.99.1
Scan saved at 9:13:47 PM, on 12/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1140209414083
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1146943814406
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FBAA44A9-2AF3-450D-9881-BFE7BE67D852} - http://www.geoplayer.com/downloads/GeoPlayerX.cab
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Senior Member
1. December 2006 @ 17:08
Quote:
I was wondering if I could delete these .dll files
Yes, delete all of them.

Quote:
I removed VS-add in from add/remove programs, but when I tried to remove from program files it said something like: "access is denied"
Delete it in safe mode.

Quote:
I stopped the ActiveScan slightly early. It didn't remove anything..
It's not made to remove anything. It will simply let me know what is still present and what you can remove. How early did you stop it?

---------------------------------------------------------------------------

Copy the following bold text into Notepad (not WordPad).

REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{99410cde-6f16-42ce-9d49-3807f78f0287}]


Make sure there are NO blank lines before REGEDIT4.
Name the file Fix.reg
Change the "Save as Type" to All Files and save it on the desktop.
Open the Fix.reg file and click Yes when prompted to merge.
After merging, you may delete the reg file.

Fix this with HjT:
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe

Restart in safe mode and delete the following:
C:\WINDOWS\System32\ot.ico <--file
C:\WINDOWS\smdat32m.sys <--file
C:\Program Files\MyWay <--folder
C:\Program Files\VSAdd-in <--folder

Empty the Recycle Bin and restart in normal mode.

Go here and download ATF Cleaner.
Open ATF Cleaner.
Check "Select All".
Click "Empty Selected".
Click "Firefox"
Select all except "Save Passwords".
Click "Empty Selected".
Exit ATF Cleaner.

Java is out of date.
Go here and download Java Runtime Environment 5.0 Update 10.
Uninstall all previous versions and updates of JRE via Add/Remove Programs.
Restart and install Update 10.

Clear the System Restore folder.
Right click My Computer > Properties > System Restore tab > check "Turn off System Restore".
Click Apply, then OK.
Restart and turn System Restore back on.


How are things? Any problems?
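
The O16 entry singled out for fixing in the post above differs from the other DPF lines in the posted log in ways that can be checked mechanically. The following Python sketch is an added example, not part of the original post or of HijackThis; the function names and the three heuristics are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = """\
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FBAA44A9-2AF3-450D-9881-BFE7BE67D852} - http://www.geoplayer.com/downloads/GeoPlayerX.cab
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
"""

# "O16 - DPF: {CLSID} (optional class name) - codebase URL"
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
    r"(?: \((?P<name>.*)\))? - (?P<url>\S+)$"
)

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def triage_o16(log_text):
    """Return one dict per O16 entry, most suspicious first.

    The three checks are this example's own heuristics (assumptions),
    not rules built into HijackThis.
    """
    findings = []
    for line in log_text.splitlines():
        m = O16_RE.match(line.strip())
        if not m:
            continue  # not an O16 line
        url = urlparse(m["url"])
        reasons = []
        if is_ip_literal(url.hostname or ""):
            reasons.append("codebase host is a raw IP address")
        if url.path.lower().endswith(".exe"):
            reasons.append("codebase is a bare .exe")
        if m["name"] is None:
            reasons.append("no class name recorded")
        findings.append({"clsid": m["clsid"], "url": m["url"], "reasons": reasons})
    # sorted() is stable, so entries with equal scores keep log order.
    return sorted(findings, key=lambda f: len(f["reasons"]), reverse=True)

if __name__ == "__main__":
    for f in triage_o16(SAMPLE_LOG):
        print(len(f["reasons"]), f["clsid"], f["url"], "; ".join(f["reasons"]))
```

An entry with one reason, such as the GeoPlayer line, is a prompt to look it up, not a verdict; only the entry the post tells you to fix trips all three checks.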

ravens1
Member
1. December 2006 @ 18:20
Oh my god. I can't thank you enough for your help.

But I have a problem. I did everything you told me to do until the part of restarting my computer in safe mode. Before I got my PC cleaned up (2 months ago), because I set Windows to start in safe mode only. Well, safe mode was a no-go. I couldn't restart Windows normally or anything. So I still have the problem of safe mode. I select safe mode, (startup) then my monitor scrolls down with white folders/files. It's kind of difficult to explain. Should I take a video or something?

This message has been edited since posting. Last time this message was edited on 1. December 2006 @ 18:20

Senior Member
1. December 2006 @ 18:29
The scrolling of drivers is normal.

Download and try with BootSafe.

Download BootSafe.exe to the desktop.
Open BootSafe and select Minimal.
Click Reboot.

This message has been edited since posting. Last time this message was edited on 1. December 2006 @ 18:30

ravens1
Member
3. December 2006 @ 12:17
I got my computer back today... I wasn't able to do much when I couldn't log on. This is the 2nd time in 2 months that I checked a box so that my computer only starts in safe mode. But my computer doesn't start in safe mode for some reason. So it doesn't allow me to log on normally.

But I have a question: if it ever happens again, is there something I can do? Like press a button?
Senior Member
3. December 2006 @ 13:19
Quote:
...so that my computer only starts in safe mode. But my computer doesn't start in safe mode for some reason. So it doesn't allow me to log on normally.

I don't fully understand the question. You said you can't boot in safe mode, then you said you can't boot normally...(?) Can you boot in normal mode?

Quote:
But I have a question: if it ever happens again, is there something I can do? Like press a button?
Since I don't understand the first statement, I'm not sure what you're asking here either. :) If you're asking what key to press to boot in safe mode, it's F5 or F8.

ravens1
Member
4. December 2006 @ 14:18
Quote:
...so that my computer only starts in safe mode. But my computer doesn't start in safe mode for some reason. So it doesn't allow me to log on normally.

"I don't fully understand the question. You said you can't boot in safe mode, then you said you can't boot normally...(?) Can you boot in normal mode?"

Ok. I could not boot in anything. Like I get to the selection screen on startup that has everything. (Boot in safe mode, safe mode with command prompt, last known good configuration, start Windows normally.) I hit enter on any of them and then the Windows screen comes on with the blue loading bar, black screen. Then my computer makes a beeping sound and reboots. Well, I tried everything to boot into anything but it keeps on rebooting, disabling me to boot in any mode. So yeah, this happened to me twice because I was told twice to do about the same thing. I wasn't going to abandon my PC, but I had to get it fixed.. again and again.

Quote:
But I have a question: if it ever happens again, is there something I can do? Like press a button?
"Since I don't understand the first statement, I'm not sure what you're asking here either. :) If you're asking what key to press to boot in safe mode, it's F5 or F8."

This message has been edited since posting. Last time this message was edited on 4. December 2006 @ 14:18

Senior Member
4. December 2006 @ 15:37
3. December 2006 @ 17:17
Quote:
I got my computer back today...

Where did you take it? Was this problem happening after we cleaned or after you got it back?

First, you could try repairing Windows with the disc.
