Content Count: 26
Everything posted by insipid
-
You could uninstall Ewido, the real-time protection is only a 14-day trial, but it's good to keep around for scanning purposes, you can still use it for that afterwards. I very much doubt it or HJT are blocking your connection. Can you describe your connection difficulties in more detail?
-
Well, this log is from Normal Mode, well done. You can leave that 06 entry if you're not sure about it. The only thing I see that's left is this line:
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
WildTangent is thought to collect data regarding your surfing habits and report back to its controlling server. I suggest removing it, but the choice is yours. If you choose to remove it, fix the entry with HJT and then remove 'WildTangent' in Add/Remove Programs. Other than that, your l
-
Dankwsc, that actually did quite a bit of good. We have more to do, though. Please first save these directions to the desktop as a text file, because you will need to copy and paste part of them later, once we are in Safe Mode.
Click Start >> Run
Type "services.msc" (without the quotes) in the run box that pops up.
Locate Awlwsterkfp, right-click on it and select 'Properties'.
Click 'Stop'.
Set 'Startup Type' to 'Disabled'.
Exit services.msc.
1) Please download the Killbox. Unzip it to the desktop but do NOT run it yet.
2) Then please reboot into Safe Mode by restarting your computer and
-
Go ahead and do the HijackThis fixes in Safe Mode, then post a new log, even if it's from Safe Mode too. We'll see where we're at.
-
chupzy, there's still one bad process showing in your log. C:\WINNT\System32\irftp.exe is a variant of the W32/SDBOT worm. Please run both of these online virus scans:
Trendmicro Housecall
Panda Active Scan
For Housecall, select the 'Autoclean' option. Please tell me of any files it can't clean. For Panda, use the default settings and save the log it generates to post in your next reply. Reboot and post a fresh HijackThis log as well as the Active Scan report.
-
Please proceed with the fix without updating Ewido. We'll work it out.
-
Dankswsc, since I haven't heard back I'm going to work with this log. You have quite a mess there, so this may take a few posts to clear up.
First, download and install CleanUp! but do not run it yet.
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.
Download, install, and update Ewido Security Suite
Install ewido security suite
Launch ewido, there should be a big E icon on your desktop, double-click it.
The program will prompt you to update click the OK button
The program will now go to the main screen
You will need to update ewido to the latest defin
-
Ok, do what you can. If you can only get a log from Safe Mode, so be it. We'll work with what we have.
-
I apologize, I didn't get the email notification that you had replied. Please post one more HijackThis log to be sure you got it all.
-
chupzy, I see you're running Microsoft Anti-spyware, and this is good, but it may interfere with our fixes. Please disable it for the time being by right-clicking its icon in the System Tray and selecting 'Shut Down...'. Rescan with HijackThis and place a checkmark next to the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oemji.com/side_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oemji.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://203.125.138.181:83/sop/
R1 - HKLM\Softwa
-
User posted new topic, being helped here http://www.besttechie.net/forums/index.php...&st=0&p=26295
-
chupzy, I'm looking over your log now, I'll have a reply for you soon.
-
Hi Dankwsc, I'm guessing the forum you were being helped at is Spywareinfo. That's my home forum, so it's only fitting that I should continue. Can you tell me the name of the helper that was working on your log so I can inform him/her, so they don't take the time to respond to your log when SWI gets back online? The HijackThis log you posted appears to be done in Safe Mode. Please post a log from Normal Mode, it's important I see everything that's running, and I'll be happy to help. Also, can you tell me what you mean when you say your Internet is "useless"? Is it that you can't get onli
-
I wish I could have helped more. Let me know how it turns out.
-
Vile_DR, other than the Limewire thing, this looks great. In way of general cleanup, I have a couple of recommendations: MWAV detects WildTangent as a possible threat, Panda Active Scan does as well. I generally propose it as an optional fix, so I will do so here as well. It's unnecessary and possibly malicious. I suggest uninstalling WildTangent via Add/Remove Programs in the Control Panel (if it's there) and then deleting this directory:
C:\Documents and Settings\mboree\Local Settings\Application Data\Wildtangent\
The other threats MWAV found are in the System Restore cache, you may want
-
If the problem is with Internet Explorer itself, this article describes how to repair or reinstall it http://support.microsoft.com/default.aspx?kbid=318378. It could be malware, however, that HijackThis isn't seeing. We can try some other detection tools to get a closer look. Please download the free MWAV antivirus tool from here: ftp://ftp.microworldsystems.com/download/tools/mwav.exe Save it to the desktop and run it. Follow the prompts to scan your system for viruses. Then please post for me the log of infected files from the BOTTOM panel of the scan window. Also download SilentRunners f
-
Vile_DR, at first inspection, I don't see anything wrong with your log. Are you involved in a business relating to aircraft? Please describe your problem in as much detail as you can so as to help me help you :).
-
Exodus, that's a clean log (finally). Windows System Restore can and does back up malware files which can then be reinstalled if you ever restore to a previous point. To prevent this, we need to purge your Restore points:
Go to Start->Control Panel->System, System Restore.
Click "Turn off System Restore". That will erase all restore points.
You will be prompted to reboot.
When Windows restarts, immediately go back in and uncheck "Turn off System Restore" to re-enable it. Windows will automatically create a new restore point.
To reduce re-infection potential for malware in the
-
Ok, Exodus, that's a clean log. We still have a bit of work to do, though. Now we need to see if we need to restore some deleted files: Please check for the following files using the Windows Search Engine (Click Start >> Search >> All Files and Folders):
control.exe
rundll32.exe
wmplayer.exe
msconfig.exe
notepad.exe
shell.dll
SDHelper.dll
If any are missing or not working properly then you can download new copies from Merijn's Files and follow the instructions at that site to install them where they belong for your OS.
Download the Hoster from here. Press "Restore Original Hosts"
-
Exodus, this infection is usually quite easy to fix. Yours is being stubborn, so let's go about it a different way.
Download this file and unzip it to your desktop.
Then, download Ad-aware Second Edition here and install it. If you already have Ad-aware Second Edition skip to the next step.
Open adaware and click the "Check for updates now" line on the main screen.
Click the "Connect" button on the webupdate screen.
If an update is available download it and install it.
Click the "Finish" button to go back to the main screen.
Click on the "Settings" button (gear symbol in the upper right corner
-
Exodus, Rescan with HJT and place a checkmark next to the following entries:
O2 - BHO: (no name) - {E14C016F-0342-89AD-D475-D4092601854E} - C:\WINDOWS\system32\javazi.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ntro32.exe (file missing)
Now, close all windows including your browser and then click "Fix Checked" in Hijackthis.
Please delete this file using Windows Explorer (if present):
C:\WINDOWS\system32\javazi.dll
Next, clean out all the temporary files and cookies on your system. Go to Start > Run and enter: cleanmgr. Let it scan your
-
Exodus, I see you're still here. That log is looking much better, good job!! You killed three different infections in one shot. We have some more work to do, I'll post more instructions in a few minutes.
-
Ok, Exodus, let's try this again. You may want to print out these instructions or save them as a text file with Notepad to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.
Locate Pocket Killbox that you downloaded and run Killbox.exe.
Select "Delete on Reboot".
Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\system32\osjzi.dll
C:\WINDOWS\system32\crty.exe
C:\WINDOWS\system32\winge32.exe
Return to Killbox, go to
-
Well, that didn't work at all. We're going to have to get serious with this. The file responsible for this infection is changing names at every reboot. Let's find it and kill it. Please download Pocket Killbox by Option^Explicit here http://www.subratam.org/?page=removal and unzip it to a convenient location. Don't run it yet. Post a new HJT log, and please don't reboot or power down your computer until I respond with instructions.
-
Hi Exodus, I see you're running SpySubtract. That's good, but it may interfere with our fixes. Please disable it by right-clicking its icon in the System Tray at the bottom right corner of your screen and selecting 'Exit'. We need to disable the bad service in this infection. To stop a service and set to 'disabled':
Go to Start > Run and type in Services.msc then click OK
Click the Extended tab.
Scroll down until you find the service Workstation NetLogon Service.
Click once on the service to highlight it.
Click Stop
Right-Click on the service and select 'Properties'
Select the 'Gener