jwbirdsong

Trusted Helpers
  • Content Count: 262

Everything posted by jwbirdsong

  1. Download SDFix and save it to your desktop. Double click SDFix.exe and it will extract the files to C:\SDFix Please then reboot your computer in Safe Mode (without Networking) by doing the following : Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, the Advanced Options Menu should appear; Select the option, to run Windows in Safe Mode, then press Enter. Choose your usual account. Open the C:\SDFix folder and double click RunThis.bat to start the script. Type Y
  2. Yep.. ReRun HijackThis and put a check next to the following F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe Close all windows and click Fix Checked reboot Deckard's System Scanner Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges. Close all applications and windows. Double-click on dss.exe to run it, and follow the prompts. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized Copy (Ctrl+A then Ctrl+C) and
  3. Download Dr.Web CureIt to the desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe Doubleclick the drweb-cureit.exe file and Allow to run the express scan This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan. Once the short scan has finished, mark the drives that you want to scan. Select all drives. A red dot shows which drives have been chosen. Click the green arrow at the right, and the scan will start. Click 'Yes to all' if it asks if you want to cure/move the file.
  4. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
  5. You've still got a/some old Java version on there ... but other than that looks real good. Make sure to look for and uninstall all the OLD Java as they ARE a security risk. Time for some housekeeping. Click START then RUN. Now type Combofix /u in the runbox and click OK. When shown the disclaimer, Select "2" The above procedure will: Delete the following: ComboFix and its associated files and folders. VundoFix backups, if present The C:\Deckard folder, if present The C:\_OtMoveIt folder, if present Reset the clock settings. Hide file extensions, if required. Hide Syste
  6. Looks like we have everything. How is the machine running now? You NEED to update your Java/JRE. Go to your Control Panel>Add/Remove and uninstall ALL Java/JRE programs. Reboot then go HERE and D/L and install the latest version (JRE6 update 3) Guide found HERE Post a final(?) HijackThis log and any comments/concerns about how the computer is running.
  7. I KNOW I posted this yesterday....not sure why didn't show up.. Using Internet Explorer please do an online scan with Kaspersky Online Scanner Click on Kaspersky Online Scanner Click "I accept" You will be prompted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then start to download the latest definition files. Once the scanner is installed and the definitions downloaded, click Next. Now click on Scan Settings In the scan settings make sure that the following are selected: Scan using the following Anti-Virus database: Extended (If available other
  8. Download SDFix and save it to your desktop. Double click SDFix.exe and it will extract the files to C:\SDFix Please then reboot your computer in Safe Mode (without Networking) by doing the following : Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, the Advanced Options Menu should appear; Select the option, to run Windows in Safe Mode, then press Enter. Choose your usual account. Open the C:\SDFix folder and double click RunThis.bat to start the script. Type Y
  9. Sorry I was having connection trouble yesterday. Looking lots better. Using Internet Explorer please do an online scan with Kaspersky Online Scanner Click on Kaspersky Online Scanner Click "I accept" You will be prompted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then start to download the latest definition files. Once the scanner is installed and the definitions downloaded, click Next. Now click on Scan Settings In the scan settings make sure that the following are selected: Scan using the following Anti-Virus database: Extended (If available
  10. Please print out or copy to Notepad for reading this as you may be in safemode or can not have IE open during most fixes. Please download FixWareout from HERE and save it to your desktop. DO NOT run it yet. Open HijackThis by clicking ScanOnly. Place a check next to the following. O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll O3 - Toolbar: °Ù¶È³¬¼¶ËÑ°Ô - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{2CE36F25-35D4-404A-8641-FAE654ED3133}: NameServer = 85.255.11
  11. I don't care who you are..that's funny right there.
  12. Well the logs look pretty good. As you see in the Kaspersky log, the only thing coming up is MyWebSearch stuff. It's considered an optional fix but it looks like you no longer use it. I suggest going to ControlPanel>Add/Remove and uninstalling anything with MyWay. Then delete the entire C:\Program Files\MyWebSearch folder. May need to reboot 1st. You need to print this out or save a copy to Notepad for reading because you can NOT have IE/FF or any browser open while doing the fix. Open HijackThis and click on Do a system scan only. Place a check mark next to the following: NOTE the RED entrie
  13. Sorry I should have noticed that you were using Avast...The Panda detection is a known False Positive..not sure why they won't fix it. I can assure you the Panda download is completely safe to do. But if you are uncomfortable with it please do the Kaspersky scan below. Please do an online scan with Kaspersky WebScanner Click on Kaspersky Online Scanner You will be prompted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the
  14. Did AVAST give you file location for the Decompression Bombs?? BTW they are just what they sound like files that when you unzip/decompress them copy LARGE amount of junk to your system. Not necessarily malicious but no fun none the less. Download and scan with SUPERAntiSpyware Free for Home Users Double-click SUPERAntiSpyware.exe and use the default settings for installation. An icon will be created on your desktop. Double-click that icon to launch the program. If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Upda
  15. Copy the following to Notepad (make sure your 1st line is REGEDIT4) and save it to your desktop as "fix.reg"...when naming the file make sure to use quotes just as I did. REGEDIT4 [-HKEY_CLASSES_ROOT\CLSID\{02B010E6-F55E-18F9-AFDC-5F03CBD884E6}] [-HKEY_CLASSES_ROOT\CLSID\{07B26288-C681-0065-E065-8201DD28A761}] [-HKEY_CLASSES_ROOT\CLSID\{30E404C8-9E52-6BCC-07B7-75B62569A989}] [-HKEY_CLASSES_ROOT\CLSID\{3675715F-7D53-0434-2B54-B10B3458B832}] [-HKEY_CLASSES_ROOT\CLSID\{37D770DC-7684-506E-506F-B70AAFEB6F95}] [-HKEY_CLASSES_ROOT\CLSID\{3B54F794-786F-0118-4FF7-2319A73AE336}] [-HKEY_CLASSES_ROOT
  16. Yeah Sorry it appears I didn't get a notice of your reply..I'll post after work today. Sorry
  17. As long as they have the wireless adapter for the Xbox ( to receive the 'signal'...seen HERE ) any wireless router should work fine.
  18. Please Download NoLop to your desktop from one of the links below... Link 1 Link 2 Link 3 First close any other programs you have running as this will require a reboot Double click NoLop.exe to run it Now click the button labelled "Search and Destroy" <<your computer will now be scanned for infected files>> When scanning is finished you will be prompted to reboot only if infected, Click OK Now click the "REBOOT" Button. A Message should popup from NoLop. If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log along with a fresh HijackTh
  19. I'm with you, not real partial to the bottom one. I REALLY like the contrasting letter size of the 1st. I also think I like the 'sun' of the 1st one the best. If you could have the 1st sun with the bits (0' and 1's) of the 2nd sun I think you would have a real winner with it. Let us know your final decision.
  20. Is this a non-English OS, correct??? Well we can get rid of these entries if they won't go w/ HJT. So just for my sake, so I can see it for myself plz do the following. You NEED to print this out or save a copy to Notepad for reading because you can NOT have IE/FF or any browser open while doing the fix. Open HijackThis and click on Do a system scan only. Place a check mark next to the following: R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Mai
  21. Well, looks like you have FAT drives, right? Then you need a command like the following in your /etc/fstab: /dev/hdb1 /media/fat_files vfat iocharset=utf8,umask=000 0 0 Get correct info (/dev/hdb1 etc) from sudo fdisk -l. GREAT info on fstab can be found HERE Mounting info found HERE
  22. Apologies..... My error started in my representation of properties. What I have in other post is NOT 555..it's 666.....or (111 in UMASK) and as I was writing I just wrote what permission I had... - r-x r-x r-x IS 555 and read and execute.... Sorry for confusion. It was early and I hadn't had coffee yet I guess.
  23. It's just the way of setting permissions on the FS you are mounting if you don't want to use the defaults. But keep in mind that UMASK doesn't use the same permissions as the system permissions. As a matter of fact it is the exact opposite (inverse to be precise). Let's use - rw- rw- rw- as an example == which means (in order) User, Groups and World (everyone else) have read/write access. This would also be written as 555. Doing the math (keeping in mind MAXIMUM is 777) for UMASK then those same permissions would be 222. OR to set all permissions (777) in UMASK use 000. Confused now?? LOL
  24. Open Notepad and copy/paste the text in the quotebox below into it: Save this as CFScript.txt Then drag/drop the CFScript.txt onto ComboFix.exe as you see in the screenshot below. This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply. Additionally, ComboFix will generate a zipped file on your desktop called Submit [Date Time].zip Please submit this file to: http://www.bleepingcomputer.com/submit-malware.php?channel=4 Please include a link to this topic in the message.