4,383 Posted Topics
Re: [color=blue]Scan with hijackthis and tick the boxes next to all the following entries, then [b][color=red]close all browser and explorer windows[/color][/b] and hit the "Fix checked" button.[/color] O4 - HKLM\..\Run: [wngxzq] c:\windows\system32\nhnvfk.exe Find and delete the following file; c:\windows\system32\nhnvfk.exe Please reboot and scan in normal mode and post that log. | |
Re: rvasanth, Hi and welcome to the Daniweb forums :). - Run [b]HiJackThis[/b] and click "[b][i]Scan[/i][/b]", then check(tick) the following, if present: [color=#9933cc][b] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://www.cgcbgarunwrojzwcur.com/H...Utq4CLGbOsA.php[/url] [/b][/color] [color=#9933cc][b] O16 - DPF: ppctlcab - [url]http://69.44.122.156/scanner/ppctlcab.cab[/url] [/b][/color] Now, with all windows closed except [b]HiJackThis[/b], click "[b][i]Fix checked[/i][/b]". =============== To … | |
Re: Hans. Hi and welcome to Daniweb forums :). - You may have a VX2 infection. Download L2mfix from one of these two locations: [url]http://www.atribune.org/downloads/l2mfix.exe[/url] [url]http://www.downloads.subratam.org/l2mfix.exe[/url] Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the … | |
Re: Start the Ewido program and when online, check for a definition update. When done, boot into safe mode (this is a must) and run Ewido again. Still in safe mode [color=blue]scan with hijackthis and tick the boxes next to all the following entries, then [b][color=red]close all browser and explorer windows[/color][/b] … | |
Re: Before we begin, let's move [b]HiJackThis[/b] to its own folder; like [b]c:\HJT[/b]. When we're done '[i]cleaning[/i]' off your system, we're going to '[i]flush[/i]' the temporary folders which, with [b]HiJackThis[/b] [color=#ff0000][i]in its current location, we'll lose both the program and the backups it creates. These backups are important in case we … | |
Re: I do not believe that it comes with a firewall. I think you have to purchase their security suite for that. It is pointless running more than 1 firewall (in my opinion) as only one will alert you to possible intrusions etc. Tried it myself once and the same firewall … | |
Re: Without knowing what has hijacked the home page, it is difficult to say how to fix it. ZA can be used in conjunction with those tools. [b]Download [color=blue]HijackThis[/color] [b][color=red]self-extracting[/color][/b] zip version from [url=http://www.malwareremoval.com/downloads.html][u]here.[/u][/url][/b] Once downloaded, double click on the file & it will install into its own, permanent folder. Start … | |
Re: dart-net, Hi and welcome to the Daniweb forums :). - There are entries there I do not recognise so please see if there are any you recognise. If you do recognise any, then just omit them from this fix. =============== We'll need to unload [b]Spybot's Teatimer[/b] before we begin. To … | |
Re: Looks like you still have it. I have to go to work, but thought I would let you know that unless you delete these nasties simultaneously, they [b]will[/b] regenerate. | |
Re: kjames74, Hi and welcome to the Daniweb forums :). - The header for [b]HiJackThis[/b] is very important: It helps to determine what steps might need to be taken to better secure your system, and provide more efficient cleanup procedures. For example, some files, which are standard on one platform, may … | |
Re: Can you also do the following as it appears (from your log) that you do not have VX2; Download rkfiles.zip [url]http://skads.org/special/rkfiles.zip[/url] Unzip the contents to a permanent folder. Reboot in Safe mode. Doubleclick rkfiles.bat It will scan for a while, so please be patient. Wait till the DOS window closes … | |
Re: UMDstudent, Hi and welcome to the Daniweb forums :). - Go to [url=http://www.trendmicro.com/en/home/us/enterprise.htm]www.trendmicro.com[/url], and then: 1. Click "[b][i]Free Online Scan[/i][/b]". 2. Click "[b][i]Scan now, it's free[/i][/b]". It'll take a few minutes to download (especially with a dialup connection), so be patient. When it's down: 1. Select all available drives. 2. … | |
Re: [b]Download [color=blue]HijackThis[/color] [b]self-extracting[/b] zip version from [url=http://www.malwareremoval.com/downloads.html][u]here.[/u][/url][/b] Once downloaded, double click on the file & it will install into its own, permanent folder. Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you … | |
Re: visional_studio, Hi and welcome to the Daniweb forums :). - Now, let's open a [b]command prompt[/b] by going to the start menu and then select 'Run'. In the box that pops up type in 'cmd'. The command prompt will open. OR You can go to Start -> Programs -> Accessories … | |
Re: Nothing nasty in either log :). | |
Re: Lirion, Hi and welcome to the Daniweb forums :). - Please go [url=http://virusscan.jotti.org/][u]here[/u][/url] and have this file scanned. C:\WINDOWS\system32\[b]canada.exe[/b] The file is known to be a dialler, but it is uncertain as to its validity. =============== Go to [url=http://www.trendmicro.com/en/home/us/enterprise.htm]www.trendmicro.com[/url], and then: 1. Click "[b][i]Free Online Scan[/i][/b]". 2. Click "[b][i]Scan now, … | |
Re: Yep. Do not use Internet Explorer :D. It does not matter what anti-spyware you use, something will [b]still[/b] get in. | |
Re: Hi ukblade and welcome to Daniweb forums :). Download Ewido, install then from within the program check for updates BUT don't scan yet ewido security suite: [url]http://fileforum.betanews.com/detail/ewido_security_suite/1098736486/1[/url] When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu". When you run ewido for the first time, … | |
Re: [QUOTE=quinkky]'ello one and all, how have you been? work done at this site is simply fabulous![/QUOTE] I need some help as to:- [QUOTE=quinkky]1. Ad-aware stops scanning when it hits "Documents and Settings\.......\Local Settings\History\History.IE5\MSHistory012005051220050513. Never happened before[/QUOTE] Try running it in safe mode. [QUOTE=quinkky]2. Before this ad-aware scan always contain "MRU" … | |
Re: Can you restore back to before you started deleting things. You may still have the problem of being unable to access folders otherwise :). When done, reboot and post another log and we will show you what to remove. You have at least 2 separate infections there. | |
Re: Thank you also for taking the time to come back with your positive feedback. We appreciate it :D. | |
Re: [QUOTE]All apps were closed when I ran this.[/QUOTE] Except Internet Explorer :D. - We'll need to unload [b]Spybot's Teatimer[/b] before we begin. To do this can you start Spybot and go to [b]Tools > Resident[/b] and uncheck the box next to [b]Tea-Timer.[/b] Make sure that the icon in the system … | |
Re: ernestine725. You need a utility to unzip the file that dlh6213 advised. If you have XP, then there will be that ability onboard already. If another system, you will need to download winzip or some such. You also need to start your own thread in order to get the best … | |
Re: Download Ewido, install then from within the program check for updates BUT don't scan yet ewido security suite: [url]http://fileforum.betanews.com/detail/ewido_security_suite/1098736486/1[/url] When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu". When you run ewido for the first time, you will get a warning "Database could not … | |
Re: Have you tried going into the Hardware Wizard and check the [b]add/troubleshoot a device?[/b] | |
Re: Hi and welcome to Daniweb :). Unfortunately you have posted only half the log. Please rescan with hijackthis and post it in its entirety. Also, can you do the following; Download Ewido, install then from within the program check for updates BUT don't scan yet ewido security suite: [url]http://fileforum.betanews.com/detail/ewido_security_suite/1098736486/1[/url] When … | |
Re: Hi and welcome to Daniweb :). You are running hijackthis from a temporary folder, can you please create a new folder on your desktop and move hijackthis into it and run it from there. [b]Go [url=http://housecall.trendmicro.com/][u]here[/u][/url] to TrendMicro for an on-line scan & set it to autoclean for you. When … | |
Re: I have not seen this one before; C:\Program Files\SaverNow\SaverNow.exe Do you know what it is? | |
Re: jung7311, Hi. Let's see what we can do :). - Download, then unzip to "[b]C:\HJT[/b]", the newest version of [url=http://www.spywareinfo.com/~merijn/files/hijackthis.zip]HiJackThis[/url]; [i]version 1.99.1[/i]. Then repost your log, either now, or after following the steps in the solution ([i]if provided in this post[/i]). [color=#ff0000][i]This version has features that might be more helpful … | |
Re: Please download the Ewido Security Suite from [url]http://www.ewido.net/en/[/url] Install it and update it online. Boot into safe mode and run Ewido, allowing it to clean up what it finds. Boot back into normal mode when done and post another log please. | |
Re: KhmErEvolutioN, Hi! and welcome to the Daniweb forums :). =============== Go to [url=http://www.trendmicro.com/en/home/us/enterprise.htm]www.trendmicro.com[/url], and then: 1. Click "[b][i]Free Online Scan[/i][/b]". 2. Click "[b][i]Scan now, it's free[/i][/b]". It'll take a few minutes to download (especially with a dialup connection), so be patient. When it's down: 1. Select all available drives. 2. … | |
Re: Jake, Hi and welcome to the Daniweb forums :). - Go to [url=http://www.trendmicro.com/en/home/us/enterprise.htm]www.trendmicro.com[/url], and then: 1. Click "[b][i]Free Online Scan[/i][/b]". 2. Click "[b][i]Scan now, it's free[/i][/b]". It'll take a few minutes to download (especially with a dialup connection), so be patient. When it's down: 1. Select all available drives. 2. … | |
Re: Hi and welcome to Daniweb :). Before we begin, let's move [b]HiJackThis[/b] to its own folder; like [b]c:\HJT[/b]. When we're done '[i]cleaning[/i]' off your system, we're going to '[i]flush[/i]' the temporary folders which, with [b]HiJackThis[/b] [color=#ff0000][i]in its current location, we'll lose both the program and the backups it creates. These … | |
Re: Yep, you got a lot of nasties there. The main one being (perhaps) the Bube infection. Please go [url=http://computercops.biz/postt106277.html][u]here[/u][/url] for the instructions on how to remove the Bube.d (aka Win32.Beavis) Removal [isrvs] infection. Once done, repost a new log here and we will finish off the clean up. This, so … | |
Re: May as well let the one in msconfig run, reboot and then uncheck them again. Go to system properties (right click MyComputer > properties) > Advanced tab > under startup and recovery click settings > under System failure make sure "Write an event to the system log" is checked AND … | |
Re: Hoggy12, Hi :). Ready for some work? - Run [b]HiJackThis[/b] and click "[b][i]Scan[/i][/b]", then check(tick) the following, if present: [color=#9933cc][b] O4 - HKLM\..\Run: [Ipc] C:\WINDOWS\System32\Obt.exe [/b][/color] [color=#9933cc][b] O4 - HKLM\..\Run: [Bnn] C:\WINDOWS\Bae.exe [/b][/color] [color=#9933cc][b] O4 - HKLM\..\Run: [Egb] C:\WINDOWS\Gbu.exe [/b][/color] [color=#9933cc][b] O4 - HKLM\..\Run: [Gpk] C:\WINDOWS\System32\Rhv.exe [/b][/color] [color=#9933cc][b] O4 - … | |
Re: Cannot see VX2 there, unless you have an earlier version. [b]Download [color=blue]HijackThis[/color] [b]self-extracting[/b] zip version from [url=http://www.malwareremoval.com/downloads.html][u]here.[/u][/url][/b] Once downloaded, double click on the file & it will install into its own, permanent folder. Start HJT & press the "Do a system scan and save a log file" button. When the … | |
Re: This infection is from the Transponder crew, the lovely ppl who brought us the VX2 infection :). When you have rebooted, rescan with hijackthis and check for these entries; [b]F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll O23 - Service: System Startup Service (SvcProc) … | |
Re: Hi and welcome to Daniweb Paul. [b]Go [url=http://housecall.trendmicro.com/][u]here[/u][/url] to TrendMicro for an on-line scan & set it to autoclean for you. When it completes, post back the full filename of any files that cannot be cleaned or deleted. Try [URL=http://www.pandasoftware.com/activescan/com/activescan_principal.htm][u]this[/u][/URL] scan at Panda as well.[/b] [b]The scan here does not … | |
Re: Can you right click on it and then select 'Save As.' Save it to your desktop if it allows you. | |
Re: OK. Please do the following... =============== Go to [url=http://www.trendmicro.com/en/home/us/enterprise.htm]www.trendmicro.com[/url], and then: 1. Click "[b][i]Free Online Scan[/i][/b]". 2. Click "[b][i]Scan now, it's free[/i][/b]". It'll take a few minutes to download (especially with a dialup connection), so be patient. When it's down: 1. Select all available drives. 2. Check(tick) "[b][i]Auto Clean[/i][/b]". 3. … | |
Re: Any reason you have [b]3[/b] anti virus's running? There is every chance that they are conflicting with each other, causing problems with your PC. You need to have [b]one[/b] as an on access monitor and the others as on demand. In other words, just have [b]one[/b] starting up at startup. … | |
Re: 1. [b]Download and install [URL=http://www.lavasoftusa.com/software/adaware/][color=blue] Ad-Aware SE,[/color][/URL][/b] keeping the default options. [b]However, some of the settings will need to be changed before your first scan[/b] 2.[b]Close ALL windows[/b] except Ad-Aware SE 3. Click on the[b]‘world’ [/b] icon at the top right of the Ad-Aware SE window and let AdAware SE … | |
Re: greycat. Hi and welcome to Daniweb :). We ask that members not tag onto the end of other members threads, especially here in the hijackthis forum. It becomes too difficult to diagnose more than 1 problem in the same thread. ============== Download the [url=http://www.bleepingcomputer.com/files/spyware/KillBox.zip][color=blue]Pocket KillBox[/color][/url] Unzip the file to your … | |
Re: matrcox, Hi! and welcome to the Daniweb forums :). =============== Go to [b]Add/Remove programs[/b] and remove(uninstall) the following, if present: [b][color=#ff0000]Elite Sidebar[/color][/b] The above could appear anywhere within the entry. Be careful not to remove any [i]personal[/i] or [i]system[/i] software. =============== Now, let's open a [b]command prompt[/b] by going to … | |
Re: First of all could you click Start>Settings>Control Panel>Add or Remove Programs and uninstall 'Window Search', 'Window Searching', 'Lop.com', 'LOP SEARCH', 'Browser Enhancer', or 'Ultimate Browser Enhancer' if listed. You may be given a code to insert, do so and reboot when done. If not listed there, run the [color=blue]Lop Remover[/color] … |
Re: Download the [url=http://www.bleepingcomputer.com/files/spyware/KillBox.zip][color=blue]Pocket KillBox[/color][/url] Unzip the file to your desktop. [color=red]Go offline until you have completed all the below.[/color] Run Pocket Killbox and paste the full file path of each of the below files in the box and click on Standard File Kill and End Explorer Shell While Killing File. … | |
Re: OK. Please do the following... =============== Download [url=http://www.cexx.org/lspfix.htm ]LSPFix[/url] and unzip to your desktop, then run it. Now, we need to: 1. check(tick) "[b][i]I know what i'm doing[/i][/b]". 2. click on (highlight) each occurrence of the following, one at a time: [color=#ff0000][b]cdlsp.dll[/b][/color] 3. then click "[b][i]>>[/i][/b]", moving each one, individually, … | |
Re: pickup, Hi! and welcome to the Daniweb forums :). =============== Go to [url=http://www.trendmicro.com/en/home/us/enterprise.htm]www.trendmicro.com[/url], and then: 1. Click "[b][i]Free Online Scan[/i][/b]". 2. Click "[b][i]Scan now, it's free[/i][/b]". It'll take a few minutes to download (especially with a dialup connection), so be patient. When it's down: 1. Select all available drives. 2. … | |
Re: megab10, Hi! and welcome to the Daniweb forums :). =============== Go to [url=http://www.trendmicro.com/en/home/us/enterprise.htm]www.trendmicro.com[/url], and then: 1. Click "[b][i]Free Online Scan[/i][/b]". 2. Click "[b][i]Scan now, it's free[/i][/b]". It'll take a few minutes to download (especially with a dialup connection), so be patient. When it's down: 1. Select all available drives. 2. … |