Thread: Need help with my wife's laptop
View Single Post
Join Date: Feb 2004
Posts: 9,945
Reputation: crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold 
Solved Threads: 712
Moderator
Featured Poster
crunchie's Avatar
crunchie crunchie is offline Offline
Spyware Killer

Re: Need help with my wife's laptop

 
0
  #9
Oct 12th, 2008
Run malwarebytes anti-malware and update it. Scan your pc and remove anything found by MBAM.

==

You will have to disable Spybot's Teatimer before we begin, as it will interfere with the fix. To do this can you start Spybot and go to the Mode button and select Advanced. Go to Tools > Resident and uncheck the box next to Tea-Timer. Make sure that the icon in the system tray is no longer there. If it is, just right click on it and select "Exit".
Download ResetTeaTimer.bat.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.
Do not forget to re-enable teatimer when we are done .
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

===============

Go to Add/Remove programs and uninstall the following, if present:

Viewpoint Manager,Viewpoint Media Player,Viewpoint Toolbar

The above could appear anywhere within the entry. Be careful not to remove any personal or system software.

===============

Scan with HijackThis and then place a check next to all the following, if present:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {4E583605-D8B0-49E6-8291-EB874413E92D} - (no file)
O2 - BHO: (no name) - {88379D08-C9C1-4636-981D-EBCB315A9B8E} - (no file)
O2 - BHO: (no name) - {EE86DA01-A709-437B-9D38-EECBCA46A02B} - (no file)

O4 - HKLM\..\Run: [5092f358] rundll32.exe "C:\WINDOWS\system32\dnvicepn.dll",b
O4 - HKLM\..\Run: [prunnet] "C:\DOCUME~1\Dee\LOCALS~1\Temp\prun.exe"
O4 - HKCU\..\Run: [prunnet] "C:\DOCUME~1\Dee\LOCALS~1\Temp\prun.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = ?

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

folders...

C:\Program Files\Viewpoint

files...

C:\WINDOWS\system32\dnvicepn.dll
C:\DOCUME~1\Dee\LOCALS~1\Temp\prun.exe

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.
Select the first option to run Windows in Safe Mode hit enter.

-

Reboot.

===============

After rebooting, rescan with hijackthis and post back a new log. Post the MBAM log too please.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Reply With Quote