jpshortstuff

Members
 View Profile  See their activity

  • Content Count

    16

  • Joined

  • Last visited

 Content Type 

Posts posted by jpshortstuff

  1. Hijackthis Log[INACTIVE]

    in Malware Removal

    Posted

    Hi :)

    LimeWire

    You have LimeWire, a P2P/file sharing programs installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.

    References for the risk of these programs can be found in these links:

    http://www.microsoft.com/windows/ie/commun...protection.mspx

    http://www.techweb.com/wire/160500554

    http://www.internetworldstats.com/articles/art053.htm

    See Clean/Infected P2P Programs here

    I would recommend that you uninstall LimeWire, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Uninstall Programs.

    If you wish to keep it, please do not use it until your computer is cleaned.

    Viewpoint Media Player is often installed without the users permission. If you didn't install it, or if you did but you no longer use it, I recommend you get rid of it.

    Please click Start >> Control Panel >> Uninstall Programs.

    Find the item below on the list and click Remove.

    Viewpoint Media Player

    Let me know how it goes.

    You appear to have Weatherbug installed. It is considered adware as it displays pop-ups and is used to install My Search Toolbar. A safe alternative to WeatherBug is Weatherpulse. I recommend you uninstall WeatherBug for the above reasons. You can do this by clicking Start >> Control Panel >> Uninstall Programs and clicking remove by the WeatherBug entry.

    While you are in the Uninstall Programs area, you can also remove this old version of Java since you already have the latest:

    Javaâ„¢ 6 Update 2

    Open HijackThis. Hit Do A System Scan Only. Place a check next to the following items (if present):

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

    Close all browsers and windows except for HijackThis and click Fix Checked.

    Please download DirLook by jpshortstuff from one of the following mirrors:

    Link 1

    Link 2

    Link 3

    • Double-click DirLook.exe to run it.
    • Ensure that Show Hidden Files/Folders and BBCode Ouput are both checked.
    • Copy the content of the following codebox into the main textfield:
      c:\program files\SP39373 /s
      c:\program files\SP38886 /s


    • Click the DirLook button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. (Note: The log can also be found at C:\DirLook.txt)

    Note: Scanning may take longer for large folders.

    Please right click Internet Explorer on your desktop and then select "Run As Administrator". Next, go to Kaspersky website and perform an online antivirus scan.

    NOTE: Internet Explorer will temporarily have administrator privileges, this is required for the scan but dangerous for normal surfing so do NOT open any other websites in IE until after the scan has finished and this window has been closed.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases

    [*]Click on My Computer under Scan.

    [*]Once the scan is complete, it will display the results. Click on View Scan Report.

    [*]You will see a list of infected items there. Click on Save Report As....

    [*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

    [*]Please post this log in your next reply, along with a fresh HijackThis log.

    Also, please give a detailed description of how your computer is running and behaving at the moment, listing any remaining problems.

    Thanks.

  2. Hijackthis Log[INACTIVE]

    in Malware Removal

    Posted

    Hi, and Welcome to BestTechie :)

    My name is jpshortstuff. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

    • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.

    Before we begin, you are using an old version of HijackThis that doesn't support Vista. Please remove HijackThis from your computer and download the latest:

    HijackThis version 2.0.2

    Download ComboFix by sUBs from here or here

    Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

    **Save it to your desktop**

    We need to disable one or more of your security programs so that they do not interfere with ComboFix.

    Please open the AVG Control Center program (if you still have AVG) -> double-click on the "AVG Resident Shield" component (looks like this: Clipboard02-1.jpg) -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.

    When you need to enable the AVG Resident Shield, ( I'll let you know when) just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.

    Double click on ComboFix.exe & follow the prompts. If you are prompted to install the Recovery Console I recommend you go ahead and hit yes.

    When finished, it shall produce a log for you. Please save that log to post in your next reply along with a fresh HJT log

    Notes:

    1. Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
    4. ComboFix disconnects your machine from the internet when it runs. This connection should be automatically restored when ComboFix completes its run. If ComboFix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    I need to see another log from HijackThis.

    • Run Hijackthis.
    • Click on Open the Misc Tools section.
    • Next click on Open uninstall manager.
    • Press the Save list button.
    • Save the file to your desktop, with the default name of uninstall_list
    • Copy & Paste the entire contents of that file in your in your next post.

    Thanks.

  5. Ry's Hjt Log, Please Help[RESOLVED]

    in Malware Removal

    Posted

    Hi.

    No worries, we all have constraints :)

    Log looks good :thumbup:

    Click Start >> Run, and then type ComboFix /u and hit enter.

    You can now delete any other tools I had you download and use, unless you wish to keep them.

    Now that your system appears to be clean, theres just a few steps I'd like you to take to prevent any future infections.

    • Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis.
    • Make sure you update your Anti-Virus software regularly, new viruses are being developed all the time.
    • Some more programs that it would be useful to have [OPTIONAL but RECOMMENDED]:
      Download Spybot Search and Destroy 1.5 from here
      Check for Updates/ Immunize and run a Full System Scan on a regular basis.
      SpywareBlaster is another real-time scanner that prevents most spyware from even being installed.
      Freely available: Download SpywareBlaster
      Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

    Also, please read this great article by Tony Klein: So How Did I Get Infected In First Place

    Glad we could be of assistance.

    Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

    Stay Clean!

    jpshortstuff

  6. Ry's Hjt Log, Please Help[RESOLVED]

    in Malware Removal

    Posted

    Hi :)

    Just a few more things to clean up and update.

    Please do this:

    • Copy the contents of the Code Box below to Notepad.
    • Name the file as fix.reg
    • Change the Save as Type to All Files
    • and Save it on the desktop

    REGEDIT4

    [-HKEY_LOCAL_MACHINE\System\ControlSet004\Services\667f73e6]

    Make sure there are NO blank lines before REGEDIT4, and a blank line at the end.

    Then right-click on the fix.reg file and click merge, say yes to any prompts.

    I'm not sure if you actually have WeatherBug installed, but Kaspersky picked up a few traces. It is considered adware as it displays pop-ups and is used to install My Search Toolbar. A safe alternative to WeatherBug is Weatherpulse. I recommend you uninstall WeatherBug for the above reasons. You can do this by clicking Start >> Control Panel >> Add/Remove Programs and clicking remove by the WeatherBug entry. If you haven't got it then don't worry, the traces may not be significant.

    Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

    Updating Java:

    • Download the latest version of Java Runtime Environment (JRE) 6 Update 10.
    • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 10, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop.
    • Close any programs you may have running - especially any web browsers.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java versions.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u10-windowsi586.exe to install the newest version.

    You don't appear to be running any third party Firewall software.

    Install a firewall! Without a firewall you are very susceptible to being hacked, and people could gain access to your computer. If you don't have a firewall I strongly recommend you download ONE of the following:

    1) Comodo

    2) Agnitum

    3) Sunbelt/Kerio

    You need to upgrade to Windows XP Service Pack 3. Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install Windows XP - Service Pack 3.

    Make sure you reboot after all this and then post a new HijackThis log. If you are having no more problems then I will post my final clean up and prevention speech, and we can wrap this topic up :)

    Thanks.

  7. Ry's Hjt Log, Please Help[RESOLVED]

    in Malware Removal

    Posted

    Hi :)

    Backup Your Registry with ERUNT

    • Please download ERUNT from the following link:
      ERUNT
    • Unzip all the files into a folder of your choice.
    • Double-click Erunt.exe to backup your registry to the folder of your choice.

    Note: To restore your registry, go to the folder and start ERDNT.exe

    Please do this:

    • Copy the contents of the Code Box below to Notepad.
    • Name the file as fix.reg
    • Change the Save as Type to All Files
    • and Save it on the desktop

    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7a5ee7c-a47c-11db-961d-0018f3cb60b3}]

    Make sure there are NO blank lines before REGEDIT4, and a blank line at the end.

    Then right-click on the fix.reg file and click merge, say yes to any prompts.

    Please download FileLook by jpshortstuff from one of these mirrors:

    Link 1

    Link 2

    • Double-click FileLook.exe to run it.
    • Ensure that the BBCode Ouput checkbox is checked.
    • Copy the content of the following codebox into the main textfield:
      C:\WINDOWS\system32\drivers\667f73e6.sys


    • Click the FileLook button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

    Note: The log can also be found at C:\fl_log.txt

    Please go to Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases

    [*]Click on My Computer under Scan.

    [*]Once the scan is complete, it will display the results. Click on View Scan Report.

    [*]You will see a list of infected items there. Click on Save Report As....

    [*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

    [*]Please post this log in your next reply, along with a fresh HijackThis log.

    Also, please give a detailed description of how your computer is running and behaving at the moment, listing any remaining problems.

    Thanks.

  8. Ry's Hjt Log, Please Help[RESOLVED]

    in Malware Removal

    Posted

    Hi, thanks for that.

    You don't appear to be running any Anti-Virus software.

    Install Anti-Virus software! Without any anti-virus software, your computer is wide open to infection. If you don't have any Anti-Virus software I strongly recommend you download Avast! or AVG Free

    Viewpoint Manager is often installed without the users permission. If you didn't install it, or if you did but you no longer use it, I recommend you get rid of it.

    Please click Start >> Control Panel >> Add or Remove Programs.

    Find the item below on the list and click Remove.

    Viewpoint Manager

    Let me know how it goes.

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location.
    • The log can also be found here:
      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Post that log back here.

    Download ComboFix by sUBs from here or here

    Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

    **Save it to your desktop**

    Double click on ComboFix.exe & follow the prompts.

    When finished, it shall produce a log for you. Please save that log to post in your next reply along with a fresh HJT log

    Notes:

    1. Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
    4. ComboFix disconnects your machine from the internet when it runs. This connection should be automatically restored when ComboFix completes its run. If ComboFix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Thanks.

  9. Ry's Hjt Log, Please Help[RESOLVED]

    in Malware Removal

    Posted

    Hi, and Welcome to BestTechie :)

    My name is jpshortstuff. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

    • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.

    Your HijackThis log is unreadable.

    Please open notepad, click Format and make sure Word Wrap is unchecked.

    Then, scan again with HijackThis and post the resulting log.

    Thanks.

  10. Soxpeca Log[INACTIVE]

    in Malware Removal

    Posted

    Hi, and Welcome to BestTechie :)

    My name is jpshortstuff. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

    • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.

    Please download HijackThis version 2.0.2 and save the file to your desktop. Double click the Hijackthis icon on your desktop and hit Do a System Scan and Save a Logfile and then copy and paste the log into a new reply, using the Add Reply button.

    I need to see another log from HijackThis.

    • Run Hijackthis.
    • Click on Open the Misc Tools section.
    • Next click on Open uninstall manager.
    • Press the Save list button.
    • Save the file to your desktop, with the default name of uninstall_list
    • Copy & Paste the entire contents of that file in your in your next post.

    Thanks.

  12. Please Help! Ran Nav And Super Anti-spyware But Virus Still There

    in Malware Removal

    Posted

    Hi, and welcome to BestTechie :)

    We need to upload a file to Jotti

    1. Click HERE to get to Jotti's site.

    2. At the top of the Jotti window, use the Browse button to locate the following file on your system:

    C:\WINDOWS\system32\e8cD8i1T.exe

    3. Once you have located the file, click SUBMIT and the content of the file will be uploaded by the site and analysed.

    4. Please provide me with the results of the analysis.

    Random's System Information Tool

    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

    Please go to Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases

    [*]Click on My Computer under Scan.

    [*]Once the scan is complete, it will display the results. Click on View Scan Report.

    [*]You will see a list of infected items there. Click on Save Report As....

    [*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

    [*]Please post this log in your next reply.

    Thanks.