Andro1d

Hello and Welcome to BT. I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today. Step 1 Download ComboFix from Here or Here to your Desktop. Double click combofix.exe and follow the prompts. When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply Note: Do not mouseclick combofix's window while its running. That may cause it to stall Step 2 Open HijackThis, click Config, click Misc Tools Click "Open Uninstall Manager" Click "Save List" (generates uninstall_list.txt) Click Save, copy and paste the results in your next post

Hello again, Download and run WinSockFix. This is a two step process that will Back up the Registry and Reset the Winsock Stack. Double click on WinsockXPFix.exe to open. On the Winsock and TCP Repair Utility screen, click "ReG-Backup" On the ERDNT Welcome screen, click "OK". On the Backup to: screen, click "OK". On the Folder does not exist question screen click "Yes". You will see a status screen as your registry is being backed up. On the Registry backup is complete! screen, click "OK" and you will go back to the main window. On the Winsock and TCP Repair Utility screen, click "Fix". On th

Hi, I am sorry to say that you are not completly clean, so pleae do the following. Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding. Step 1 Please re-open HijackThis and scan. Check the boxes next to all the entries listed below. O2 - BHO: BndDrive2 BHO Class - {8B27CC68-110C-46a9-80D3-F3107

I am gonna look into this and will get back to you ASAP.

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present): C:\Documents and Settings\PET3R\.housecall6.6\Quarantine Other than that, nice job your log looks clean! How is it running? Time for some housekeeping Click START then RUN Now type Combofix /u in the runbox and click OK [*] When shown the disclaimer, Select "2" The above procedure will: Delete the following: ComboFix and its associated files and folders. VundoFix backups, if present The C:\Deckard folder, if present The C:_OtMoveIt folder, if present

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause: 1) False Alarms: When the anti virus software tells

Please do an online scan with Kaspersky WebScanner Click on Kaspersky Online Scanner You will be promted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected:Scan using the following Anti-Virus database: Extended (if available otherwise Standard) Scan Options: Scan Archives Scan Mail Bases [*]Click OK [*]Now under select a target to scan: Select My Computer [*]This will

Could you please post the log just to be sure you are clean.

Download Dr.Web CureIt to the desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe Doubleclick the drweb-cureit.exe file and Allow to run the express scan This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan. Once the short scan has finished, mark the drives that you want to scan. Select all drives. A red dot shows which drives have been chosen. Click the green arrow at the right, and the scan will start. Click 'Yes to all' if it asks if you want to cure/move the file.

Good to hear. I will await the scan results, and if that doesn' work, there still are some things we can try!

Download ComboFix from Here or Here to your Desktop. (This is a newer version so please delete your old copy.) Double click combofix.exe and follow the prompts. When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Hello, Please make sure to post the ComboFix log in your next post, it will be at C:\ComboFix.txt. The steps that I am about to suggest involve modifying the registry. Modfying the registry can be dangerous so we will make a backup of the registry first. Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot preform some of these steps or if you have ANY questions please ask BEFORE proceeding. Backing Up Your Registry Go to Start > Run Type: regedit Click OK. On the leftside, cli

Hello, Ok, lets try the following. Step 1 Please download the Norton Removal Tool from HERE and Save it to your Desktop Close all programs and double click the Norton_Removal_Tool.exe Follow the on-screen instructions Restart the computer if asked Then delete Norton_Removal_Tool.exe from your desktop Now open the Program Files folder on your local disk ( normally C: ) Find and delete the following folders (if present)Norton AntiVirus Norton Internet Security Norton SystemWorks Norton Personal Firewall Step 2 TrendMicro HouseCall Java Scan Please go HERE to run the Trend Micro™ HouseCall

Hello again, Are you still not able run an Anti Virus program? Pleaes let me know on whether you can or can't because either way we will probably uinstall Norton since it it outdated and go with a different one. You may also leave the O16 there if it is for work. Step 1 I see you have BitTornado 0.3.17 & eMule installed on your system. While theese program themeselves are legal, most of the files downloaded with them are not. Also, quite often the files can be infected with viruses, malware, and other undesirable applications. I highly recommend uninstalling BitTornado 0.3.17 & eMu

Hello El Cool, Well it depends what you are fixing in the regisry, this was given to me by one of my teachers when I didn't know how to get a user into Safe Mode. Others I just know what to do from a registry training class. Step 1 Open HijackThis, click Config, click Misc Tools Click "Open Uninstall Manager" Click "Save List" (generates uninstall_list.txt) Click Save, copy and paste the results in your next post. Step 2 Please re-open HijackThis and scan. Check the boxes next to all the entries listed below. O2 - BHO: (no name) - {18AA4575-67E5-4807-92AF-A4923D98E974} - (no file) O2 - BHO:

Hello, You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site. Next, please reboot your computer in Safe Mode by doing the following : Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, a menu with options should appear; Select the first option, to run Windows in Safe Mode, then press "Enter". Choose your usual account. Once in Safe Mode, dou

The steps that I am about to suggest involve modifying the registry. Modfying the registry can be dangerous so we will make a backup of the registry first. Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot preform some of these steps or if you have ANY questions please ask BEFORE proceeding. Backing Up Your Registry Go to Start > Run Type: regedit Click OK. On the leftside, click to highlight My Computer at the top. Go up to "File > Export" Make sure in that window there

Hello and Welcome to BT. I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today. Step 1 Download Deckard's System Scanner (DSS) to your Desktop. Close all applications and windows. Double-click on DSS.exe to run it, and follow the prompts. When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply. Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigch

Hello and Welcome to BT. I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today. Step 1 Please download SmitfraudFix (by S!Ri) to your Desktop. Double-click SmitfraudFix.exe Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply. **If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there. Note : process.exe is detected by some antivirus prog

Hello, You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site. Next, please reboot your computer in Safe Mode by doing the following : Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, a menu with options should appear; Select the first option, to run Windows in Safe Mode, then press "Enter". Choose your usual account. Once in Safe Mode, dou

Hello and Welcome to BT. I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today. Step 1 I see that you are using an outdated version of HijackThis, so the first thing we need to tackle is to get you updated to the newest version of HijackThis. Please download the current version of HijackThis from here. Please be sure to save it to a permanent directory, such as C:\HJT. Delete the old version of HijackThis afterwards. Please post a new HJT log with the version you just downloaded. Step 2 Download ComboFix from Here or Here to your Desktop. Double click combofix.exe

Anytime! Well do you know how much longer your subscription is for Trend Micro Pro-cillin 12? Because I would use that till your subscription ends, then I would reinstall one of the AV's I recommend above and use that. So for now uninstall AVG7. One high recommendation though is to install SpywareGuard 2.2 from the above list. It is like real time protection except for spyware. If anything is unclear, feel free to ask.

Hello again, Please go to the following url: http://www.bleepingcomputer.com/submit-malware.php?channel=12 "Link to topic where this file was requested:" - http://www.besttechie.net/forums/index.php...mp;#entry104435 "Browse to the file you want to submit:" - C:\PROGRAM FILES\UZHCWTGI\CTUWGCWH.DLL "Leave any comments, further information about this file, or contact information:" - Please say that MoNsTeReNeRgY22 asked you to upload this file. Click Submit Thanks. This will give us a chance to look at the file. Please also do the above for the following file. C:\DOCUMENTS AND SETTINGS\ALL USER

Nice job your log looks clean! How is it running? Please use the following suggestion to help prevent reinfection. Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)Now we need to make a new System Restore Point for your PC, please do the following Click Start, Settings, Control Panel Double-click the System icon Click the Performanc