rmurphy

Posts posted by rmurphy

  1. OK, let's try System Restore method 2:

    • On the Desktop, right-click My Computer.
      Click Properties.
      Click the System Restore tab.
      Check Turn off System Restore.
      Click Apply, and then click OK.

    2. Restart your computer.

    3. Turn ON System Restore.

    • On the Desktop, right-click My Computer.
      Click Properties.
      Click the System Restore tab.
      UN-Check Turn off System Restore.
      Click Apply, and then click OK.

    System Restore will now be active again.

    If you were able to reset it, please post a new KAV scan.

    Part of the reason that I use ATF Cleaner is that when things don't work, I can get in touch with the creator. I also think it's a great product. He took a quick look at this thread, and just has one question at the moment: what directory do you have Firefox installed in?

  2. Delete the following items:

    C:\download\ <-- This folder

    I:\Pkware\PK263WSP.exe <-- This file

    D:\Pkware\PK263WSP.exe <-- This file

    Next, let's make a new restore point and get rid of the others.

    • Go - Start>Programmes>Accessories>System Tools>System Restore>Create a New Restore point.
      Go - Start>Programmes>Accessories>System Tools>Disc Cleanup>"More Options" Tab>Remove All But Most Recent Point.

    Double-click ATF-Cleaner.exe to run the program.

    • Under Main choose: Select All
      Click the Empty Selected button.

    If you use Firefox browser

    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.

    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    Then run the Kaspersky scan again, and post the results and a new HiJack This log.

    -Ryan

  3. == Remove Programs==

    Please go to Add/Remove Programs in the Control Panel, and remove the following programs

    • Java 2 Runtime Environment, SE v1.4.2
      Java 2 Runtime Environment, SE v1.4.2_03
      Java 2 Runtime Environment, SE v1.4.2_04
      (Also feel free to uninstall any programs that you don't recognize or no longer use)

    Reboot your computer.

    == Install Latest Java ==

    Please go to THIS page, and click on the Download link that is in the Java Runtime Environment (JRE) 6 section.

    Click the radio button next to Accept License Agreement after reviewing it. The page will refresh - this is normal.

    Download the Windows Offline Installation, Multi-language. You will want to save this to a location you will remember.

    Once it has finished downloading, double click it, and follow the prompts to install.

    If it asks to reboot, select yes.

    == Kaspersky Online Scan ==

    Please do an online scan with Kaspersky WebScanner

    You will need to use Internet Explorer to do this

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.

    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded, click on NEXT.
    • Now click on Scan Settings.
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
      • Scan Options: Scan Archives, Scan Mail Bases
    • Click OK.
    • Now under "Select a target to scan", select My Computer.
    • The program will start and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button and save the file to your desktop.
    • Copy and paste that information in your next post.

    -Ryan

  4. Hi Aces&Eights, and welcome to BestTechie. I'm Ryan, and I'll be helping you with your computer.

    You will want to print out a copy of these instructions to follow while you complete this procedure, as you will not be able to access the internet later in the fix.

    Open HiJack This and scan. When it finishes, put an X in the box next to these following item(s)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    If you did not add the entries below to your hosts file, please remove them

    O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com

    O1 - Hosts: 127.255.255.255 www.alcohol-soft.com

    O1 - Hosts: 127.255.255.255 images.alcohol-soft.com

    Close all open windows except for HiJack This and click fix checked.

    Please download ATF Cleaner by Atribune.

    This program is for XP and Windows 2000 only

    • Close all Internet Explorer, Firefox, and Opera windows before continuing.
      Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    If you use Firefox browser

    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.

    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    Next, download AVG Anti-Spyware from HERE and save that file to your desktop.

    This is a 30 day trial of the program

    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
    2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button; the update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports":
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"

    Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.

    1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
      IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.
    2. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
    4. AVG Anti-Spyware will now begin the scanning process; be patient, this may take a little time.
      Once the scan is complete do the following:
    5. If you have any infections you will be prompted; then select "Apply all actions".
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    8. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan, a new HiJack This log, and an Uninstall list (directions below).

    Uninstall list.

    Open HijackThis, click Config, click Misc Tools

    Click "Open Uninstall Manager"

    Click "Save List" (generates uninstall_list.txt)

    -Ryan

  5. Please do an online scan with Kaspersky WebScanner

    You will need to use Internet Explorer to do this

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.

    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded, click on NEXT.
    • Now click on Scan Settings.
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
      • Scan Options: Scan Archives, Scan Mail Bases
    • Click OK.
    • Now under "Select a target to scan", select My Computer.
    • The program will start and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button and save the file to your desktop.
    • Copy and paste that information in your next post.

  6. Congratulations, your log is CLEAN :thumbsup:

    We have a couple of last steps to perform and then you're all set.

    First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

    • Click Start.
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View tab.
    • Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
    • CHECK the Hide protected operating system files (recommended) option.
    • Click Yes to confirm.
    • Click OK.

    Next, let's set a new restore point, and clear the old ones:

    • Step #1 - Create a New Restore Point
      Go - Start>Programmes>Accessories>System Tools>System Restore>Create a New Restore point.
      Step #2 - Flush All Previous Points
      Go - Start>Programmes>Accessories>System Tools>Disc Cleanup>"More Options" Tab>Remove All But Most Recent Point.

    Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

    • SpywareBlaster to help prevent spyware from installing in the first place.
    • SpywareGuard to catch and block spyware before it can execute.
    • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

    You should also have a good firewall. Here are 2 free ones available for personal use:

    It is critical to have both a firewall and antivirus to protect your system, and to keep them updated.

    To keep your operating system up to date visit Microsoft Windows Update monthly.

    And to keep your system clean run these free malware scanners weekly, and be aware of what emails you open and websites you visit.

    To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

    Do you have any other questions or concerns? This thread will be left open for a few more days, so feel free to ask.

    -Ryan

  7. 1. Open HiJack This and scan. When it finishes, put an X in the box next to these following item(s)

    O2 - BHO: (no name) - {2C4F57F2-7633-42E3-8D33-529F0491ABFC} - C:\WINDOWS\system32\fccaw.dll (file missing)

    O20 - Winlogon Notify: fccaw - C:\WINDOWS\system32\fccaw.dll (file missing)

    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\

    O20 - Winlogon Notify: winpcn32 - winpcn32.dll (file missing)

    Close all open windows except for HiJack This and click fix checked.

    Reboot your computer.

    2. Please go HERE to run Panda's ActiveScan. You will need to use Internet Explorer to run it.

    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
      • If it wants to install an ActiveX component allow it
      • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
      • When download is complete, click on My Computer to start the scan
      • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

    If you would please rescan with HijackThis and post a fresh log, along with the results from the Panda ActiveScan in this same topic, and let us know how your system's working. :)

    -Ryan
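    The HijackThis entries quoted in these posts (the O1 hosts lines, the nameless O2 BHO, and the O20 Winlogon Notify entries whose DLL is missing or that point at a bare directory) are the kind of thing a helper picks out of a log by eye. As an added illustration, not part of the original posts or of HijackThis itself, here is a small Python triage script that applies those same checks to sample log lines; the O1/O2/O20 lines are copied from the posts above, and the O4 line is a constructed, benign-looking entry included for contrast.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample log. The O1, O2 and O20 lines are the ones quoted in the
# posts above; the O4 line is made up here as a harmless-looking control entry.
SAMPLE_LOG = """\
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O2 - BHO: (no name) - {2C4F57F2-7633-42E3-8D33-529F0491ABFC} - C:\\WINDOWS\\system32\\fccaw.dll (file missing)
O4 - HKLM\\..\\Run: [ExampleUpdater] C:\\Program Files\\Example\\updater.exe
O20 - Winlogon Notify: fccaw - C:\\WINDOWS\\system32\\fccaw.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\\WINDOWS\\
O20 - Winlogon Notify: winpcn32 - winpcn32.dll (file missing)
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O20"
    line: str      # the full log line that was flagged
    reason: str    # why a helper would ask the user to review or fix it


# Every HijackThis line starts with a section code, " - ", then the entry body.
LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<addr>\S+) (?P<host>\S+)$")


def triage(log: str) -> List[Finding]:
    """Return the entries a helper would ask about, using the checks from the posts."""
    findings: List[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "O1":
            # Any hosts-file override is shown to the user: keep it only if they added it.
            h = HOSTS_RE.match(body)
            target = f"{h.group('host')} -> {h.group('addr')}" if h else body
            findings.append(Finding(sec, line, f"hosts file entry ({target}); remove if you did not add it"))
        elif sec == "O2" and ("(no name)" in body or "(file missing)" in body):
            findings.append(Finding(sec, line, "BHO with no name or a missing DLL"))
        elif sec == "O20":
            if "(file missing)" in body:
                findings.append(Finding(sec, line, "Winlogon Notify handler whose DLL is missing"))
            elif body.endswith("\\"):
                findings.append(Finding(sec, line, "Winlogon Notify handler points at a directory, not a DLL"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```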

  8. Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%

    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :

    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.

    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

    -Ryan

  9. OK, it looks like it took care of the MSN issue, but there are still a few things left to do.

    You will want to print out a copy of these instructions to follow while you complete this procedure.

    1. Please reboot your computer in Safe Mode by doing the following :

    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.

    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd

    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non-infected computer will remove your Desktop background.

    2. Please download VundoFix.exe to your desktop.

    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.

    Note: It is possible that VundoFix encountered a file it could not remove.

    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

    Please post the contents of the SmitFraudFix report, the results of VundoFix (found at C:\vundofix.txt) and a new HiJackThis log.

    -Ryan

  10. Hi tippoff, welcome to Besttechie! I'm Ryan, and I'll be helping you clean your computer.

    You will want to print out a copy of these instructions to follow while you complete this procedure.

    1. Please download hosts.zip

    • Extract the contents of hosts.zip by doing the following
      1. Right-click on hosts.zip and select Extract All. The Extraction Wizard will open.
      2. Click Next, followed by Next again.
      3. When it has finished extracting (should take one or two seconds), click on Finish.

      A folder with the extracted items will open.

    • Double-click on mvps.bat to run it. A black box will suddenly open and close; this is normal.
    • If any windows open alerting you of a change in your hosts file, please allow them; this is expected.

    Note: If you have added any custom entries to your HOSTS file, you will need to add them again.

    2. Please Download MsnVirRem.exe to your desktop from one of the following mirrors.

    • First close any other programs you have running, as this will require a reboot.
    • Double click MsnVirRem.exe to run it.
    • Once open, click the button labelled "Search and Destroy".

    <<Your computer will now be scanned for Infected Files>>

    • When scanning is finished you will be prompted to reboot only if infected. Click OK.
    • Now click the "REBOOT" button.
    • After the reboot, you WILL receive file not found errors (usually 4); please acknowledge them and continue.
    • A message should pop up from MsnVirRem; if not, double click the program again and it will finish.

    3. Please download SmitfraudFix (by S!Ri)

    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd

    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).

    Please copy/paste the content of that report into your next reply.

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

    http://www.beyondlogic.org/consulting/proc...processutil.htm

    In your next reply, please post the SmitFraudFix report, the report from MsnVirRem (found at C:\msnvirrem.log), and a new HiJackThis log.

    -Ryan

  11. Sorry for the delay.

    Download and install Tune Up 2006 Trial

    Click on Clean up & Repair. Run TuneUp DiskCleaner. Delete all junk files. Afterwards, return to the Main Screen.

    Click on Clean up & Repair. Run TuneUp RegistryCleaner. Fix all errors. Afterwards, return to the Main Screen.

    Click on Optimize & Improve. Run TuneUp RegistryDefrag, which will take a few minutes and need a reboot.

    After the reboot, start Tune Up again. Click on Optimize & Improve, then click on TuneUp System Optimizer. Now click on Accelerate downloads and Internet surfing to accelerate downloads, and select the speed just above your actual connection speed; this requires a reboot.

    After the reboot, start Tune Up again. Click on Optimize & Improve then click on TuneUp System Optimizer. In the menu to the left called "Wizards", choose System Advisor. Note some of the advice it tells you.

    -Ryan

  12. The things that the Panda scan found (except for the cookie) were part of the SmitFraudFix. It was picked up because it uses the same compression package as some spyware uses.

    You will want to print out a copy of these instructions to follow while you complete this procedure, as you will not be able to access the internet later in the fix.

    I noticed you have Party Poker and UltimateBet installed. Poker games and their related sites are a risk, and that's where most malware gets installed. Also, in a lot of cases these Poker 'plugins' are also getting installed without you asking for it. If you don't use it, I recommend that you remove it.

    Go to Start > Control Panel

    In Add/Remove Programs, remove Party Poker if you don't use it. If it asks if you want to reboot your computer, select NO. Do the same for UltimateBet.

    Close Add/Remove Programs.

    Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.

    Open HiJack This and scan. When it finishes, put an X in the boxes, only next to these following items

    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe <= If you decide to remove UltimateBet

    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe <= If you decide to remove UltimateBet

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll <= If you decide to remove Party Poker

    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll <= If you decide to remove Party Poker

    Close all open windows except for HiJack This and click fix checked.

    Delete the following folder C:\Program Files\UltimateBet\

    Reboot your PC.

    Can you please go to C:\Program Files\Alwil Software\Avast4\ and tell me if the ashMaiSv.exe file is there?

    There really isn't much else that can be removed from HiJack This. There are some optional removals that could speed up your computer when it first loads up; let me know if you would like to remove those and I'll tell you what to do.

    -Ryan

  13. We can definitely help you, but first you need to apply Windows XP Service Pack 1a. Without this update, you're wide open to re-infection, which defeats the purpose of getting you clean. So download the Service Pack from the link below, so we don't waste time getting you clean just to become re-infected. Click here: http://www.microsoft.com/windowsxp/downloa...p1/default.mspx

    Apply the update, reboot, and post a fresh Hijack This log.