rmurphy

Members
  • Content Count: 353
Everything posted by rmurphy

  1. Please download ComboFix from Here 1. Please open Notepad Click Start, then Run Type notepad.exe in the Run Box. 2. Now copy/paste the entire content of the codebox below into the Notepad window: 3. Save the above as CFScript.txt 4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again. 5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply: Combofix.txt A new HijackThis log. -Ryan
  2. Welcome to BestTechie! I'm Ryan, and I'll be helping you clean your computer. Please download Deckard's System Scanner (DSS) and save it to your Desktop. Close all other windows before proceeding. Double-click on dss.exe and follow the prompts. When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply. -Ryan
  3. Congratulations, your log is clean. For information on how to protect yourself in the future, read Infection Prevention. Do you have any other questions or concerns? This thread will be left open for a few more days, so feel free to ask. -Ryan
  4. Yeap, just that one item to be deleted. Everything looks good except we need to get the recovery console installed on your computer. Go to Microsoft's website => http://support.microsoft.com/kb/310994 Select the download that's appropriate for your Operating System. Download the file & save it as it's originally named, next to ComboFix.exe. Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When c
  5. You will want to print out these instructions, or save them to notepad so that you can refer to them later. Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only Close all Internet Explorer, Firefox, and Opera windows before continuing. Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser C
  6. Welcome to BestTechie. I'm Ryan, and I'll be helping you. Everything looks good, but let's see if Kaspersky will find anything. Please do an online scan with Kaspersky WebScanner Click on Accept You will be prompted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make sure that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard) Scan Options: Sca
  7. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
  8. Please try to do the following in normal windows; if it will not work, you should be able to do it in safe mode. Go to Start>Run. Enter sfc /scannow (notice the space between c /) and press OK. If Windows finds system files that need to be replaced, you will be asked for your windows CD. Once sfc has finished, download ComboFix from one of the locations below, and save it to your Desktop. Link 1 Link 2 Link 3 Double click combofix.exe and follow the prompts. When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply Note: Do not mouseclick combo
  9. Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only Close all Internet Explorer, Firefox, and Opera windows before continuing. Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to kee
  10. The first hijack this log was clean along with the Kaspersky log, and with the exception of two programs, the uninstall list was fine as well. == Remove Programs == Please go to Add/Remove Programs in the Control Panel, and remove the following programs Java 2 Runtime Environment, SE v1.4.2_03 My Way Search Assistant Reboot your computer. == Install Latest Java == Please go to THIS page, and click on the Download link that is in the Java Runtime Environment (JRE) 6 section. Click the radio button next to Accept License Agreement after reviewing it. The page will refresh - this is normal. Downl
  11. Hello NYLuvaGrl, and welcome to BestTechie! I'm Ryan, and I'll be helping you clean your computer. Please take a look at the following topic: http://www.besttechie.net/forums/How-To-Po...Log-t12175.html It contains instructions on how to post a hijack this log. Please post your log in this topic as a reply, and I'll take a look at it and let you know what to do next. -Ryan
  12. Hello alamarinara, welcome to BestTechie! I'm Ryan, and I'll be helping you clean your computer. Please download FixWareout from here: http://downloads.subratam.org/Fixwareout.exe Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead. Then you will be asked to reboot your computer; please do so. Your system may take longer than usua
  13. Hello mwmarshall, welcome to BestTechie! I'm Ryan, and I'll be helping you clean your computer. == Clear Temporary Files == Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only Close all Internet Explorer, Firefox, and Opera windows before continuing. Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use
  14. Hello sho, welcome to BestTechie! I'm Ryan, and I'll be helping you clean your computer. == Clear Temporary Files == Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only Close all Internet Explorer, Firefox, and Opera windows before continuing. Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera
  15. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
  16. Yes. It is detecting the file as infected because it contains definitions of actual viruses. Please see the following avast! forum thread for more information: http://forum.avast.com/index.php?topic=23746.0 -Ryan
  17. Wsock32.dll is also legitimate. Windows should be replacing all of those legitimate files that avast is moving. You should be able to tell it to ignore those files. You can also upload those files at http://www.uploadmalware.com and they will be sent to antivirus companies so they can fix their virus definitions. -Ryan
  18. Try this scanner: Please go HERE to run Panda's ActiveScan. You will need to use Internet Explorer to run it. Once you are on the Panda site click the Scan your PC button A new window will open...click the Check Now button Enter your Country Enter your State/Province Enter your e-mail address and click send Select either Home User or Company Click the big Scan Now button. If it wants to install an ActiveX component allow it It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) When download is complete, click on My Computer to start the scan When th
  19. The first items (except for pskavs.dll, which is a false positive) are located in the system restore points. Let's clear those out now. Go - Start>Programmes>Accessories>System Tools>System Restore>Create a New Restore point. Go - Start>Programmes>Accessories>System Tools>Disc Cleanup>"More Options" Tab>Remove All But Most Recent Point. Please do this for each hard drive that you have connected to the computer. Kernel32.dll and winstock.dll are both legitimate system files. Just to confirm, is that last file wsock32.dll, or wsock.32dll? -Ryan
  20. Can you tell me what it found and where it was located? -Ryan
  21. Please uninstall any filesharing programs you may have installed on the computer. From the uninstall list, the ones I saw were: BitTorrent 5.0.9 DC++ 0.699 eMule Open HiJack This and scan. When it finishes, put an X in the box next to these following item(s) O15 - Trusted Zone: *.kdb.co.kr O15 - Trusted Zone: *.nprotect.co.kr O15 - Trusted Zone: *.nprotect.com O15 - Trusted Zone: *.nprotect.net O15 - Trusted Zone: http://*.wedisk.co.kr O15 - Trusted Zone: http://*.wedisk.net O15 - ESC Trusted Zone: http://*.update.microsoft.com O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/ham
  22. Congratulations, your log is clean. For information on how to protect yourself in the future, read Infection Prevention. Do you have any other questions or concerns? This thread will be left open for a few more days, so feel free to ask. -Ryan
  23. How's the computer running? Did the help desk give you any information when they said you were infected? -Ryan
  24. How is the computer working? -Ryan
  25. Please go to Add/Remove Programs in the Control Panel, and remove the following program: Java 2 Runtime Environment, SE v1.4.2_14 Delete the following file: C:\WINDOWS\Temp\npnuninst.exe.npz Download ComboFix from one of the locations below, and save it to your Desktop. Link 1 Link 2 Link 3 Double click combofix.exe and follow the prompts. When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply. Note: Do not mouseclick combofix's window while it's running. That may cause it to stall. -Ryan