rmurphy

Fix this entry in HJT: O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe (file missing) Then do the following: Delete an NT Service Open HiJackThis Click on the "Config..." button on the bottom right Click on the tab "Misc Tools" click on "delete an NT service" Copy and paste this in: winvnc Click "ok", then reboot

nevermind, i see it now

Does notepad open? If not, there should be a service.txt file on your desktop. Please open that file and post the contents of it here. -Ryan

Start > Run: notepad press enter

Paste everything that was in the code box into Notepad. Save the file to your desktop as "delVNC.bat" (the quotes are required. Now on your desktop, there will be a delVNC.bat icon - it will have a gear on the icon. Double click this icon. A black window will open, and then notepad will open a file names service.txt Service.txt will have some text in it. Copy and paste that text into a forum post. -Ryan

Paste the following into notepad: sc stop winvnc >> service.txt sc delete winvnc >> service.txt sc stop "VNC Server" >> service.txt sc delete "VNC Server" >> service.txt notepad service.txt Save the file as "delVNC.bat" (include the quotes) to your desktop. Double click the file to run, a black window will flash and then notepad will open with some text inside of it; please post the text that it contains. -Ryan

Start > Run: Paste sc stop winvnc and press enter. Then paste sc delete winvnc and press enter. -Ryan

reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu). Then try to delete the folder/files. -Ryan

You can fix these items, they are clutter and don't need to be fixed. R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = F3 - REG:win.ini: load= F3 - REG:win.ini: run= Other than that, the log is fine. -Ryan

Just do the following: go to start > Run: paste del "C:\Documents and Settings\chris\My Documents\SmitfraudFix.exe" and hit enter. Then paste: rmdir "C:\Program Files\Mozilla Firefox\SmitfraudFix\" /S /Q and hit enter. -Ryan

You just delete them like any other file/folder. -Ryan

The only thing that the Kaspersky scan found were risk tools - that is, tools that can be used for both good and bad. In this case, it was a tool included in the SmitFraudFix program that is used to reboot your computer. If you want to, you can remove the following file and folder. C:\Documents and Settings\chris\My Documents\SmitfraudFix.exe C:\Program Files\Mozilla Firefox\SmitfraudFix\ -Ryan

Congratulations, your log is clean For information on how to protect yourself in the future, read Infection Prevention Do you have any other questions or concerns? This thread will be left open for a few more days, so feel free to ask. -Ryan

Based on the uninstall list, here are 3 potential programs to uninstall. Azureus Vuze LimeWire PRO 4.12.3 P2P file sharing programs like the above have their legitimate uses, but can also be used to download copyrighted material, and increases the risk of infecting your computer. TightVNC 1.3.9 Allows remote users to connect to the computer. If you or someone else that uses this computer did not install it, please uninstall it and let me know. Please do an online scan with Kaspersky WebScanner You will need to use Internet Explorer to do this Click on Kaspersky Online Scanner You will be pr

Hi coriell. I'm Ryan and I'll be helping you clean your computer. You will want to print out these instructions, or save them to notepad so that you can refer to them later. Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only Close all Internet Explorer, Firefox, and Opera windows before continuing. Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved pa

Happy birthday Jeff!!!

Welcome to BestTechie. Sorry about the delay in getting to your thread. If you still require assistance, please post a new hijack this log and an uninstall list. If you have resolved this issue, please let me know so that I may close this topic. To get the uninstall list, do the following: Open HijackThis, click Config, click Misc Tools Click "Open Uninstall Manager" Click "Save List" (generates uninstall_list.txt) -Ryan

Please go to http://www.uploadmalware.com/ and submit the following file: C:\Windows\System32\immsg32.exe I would like to see an Uninstall list. Open HijackThis, click Config, click Misc Tools Click "Open Uninstall Manager" Click "Save List" (generates uninstall_list.txt) -Ryan

Hi. I'm Ryan, and I'll be helping you clean your computer. Please download FixWareout from here: http://downloads.subratam.org/Fixwareout.exe Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead. Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal. Once the de

Inactive topic... If you still need help on this problem, contact me or one of the Moderators to re-open this up. Topic closed.

Please go to UploadMalware to upload a suspicious file for analysis. Enter your username from this forum Copy and paste the link to this thread In the first submission box paste this filename: C:\Program Files\Outlook Express\lawunedis.dll In the second submission box paste this filename: C:\Program Files\MSN\holetuc.dll In the comments, please mention that I asked you to upload this file Click on Send File Once the files have been submitted, please do the following: I did not see any antivirus program running. It is critical that you install one. Here are two very good and reliable ones th

== Remove Programs== Please go to Add/Remove Programs in the Control Panel, and remove the following programs Internet Explorer Default Page J2SE Runtime Environment 5.0 Update 6 Java 2 Runtime Environment, SE v1.4.2_03 LimeWire 4.12.11 Outerinfo Reboot your computer. == Install Latest Java == Please go to THIS page, and click on the Download link that is in the Java Runtime Environment (JRE) 6 section. Click the radio button next to Accept License Agreement after reviewing it. The page will refresh - this is normal. Download the Windows Offline Installation, Multi-language. You will want to s

Hi, and welcome to Besttechie! I'm Ryan, and I'll be helping you clean your computer. Please download VundoFix.exe to your desktop. Double-click VundoFix.exe to run it. Click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files, click YES Once you click yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will reboot your computer, click OK. Please post the contents of C:\vundofix.txt, an uninstall list (instructions below), and a new HiJackThis log. No

You can try that. There isn't anymore malware on your computer. For information on how to protect yourself in the future, read Infection Prevention Unless you have anymore questions about malware, I'd suggest going to the Windows forum for addtional help on this problem. Make sure to tell them that you are clean of malware, as their first suggestion might be to have your copmuter checked. -Ryan

Everything seems to be ok from the logs. How is the computer running? -Ryan