2,042 Posted Topics
Re: Hi, mom, would you please start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked. O2 - BHO: {ff58c7ee-4a23-ebaa-ede4-6729d6ba4500} - {0054ab6d-9276-4ede-aabe-32a4ee7c85ff} - C:\WINDOWS\system32\kcicddhl.dll (file missing) O2 - BHO: (no name) - {0240CB11-AA5B-46C3-9FFC-684D4D489AC2} - (no file) O2 - BHO: (no … | |
Re: Just prior to that msg first appearing you probably installed some poorly written software. Check back, and uninstall it if that is the case. | |
Re: It appears that you have a vundo infection, or traces of one so as a first step... ==Please download VundoFix.exe to your desktop from [url]http://www.atribune.org/ccount/click.php?id=4[/url] =Restart your system in Safe Mode. Double-click VundoFix.exe to start it. Click the Scan for Vundo button. When the scan completes click the Remove Vundo … | |
Re: Syl, your log is fine. Short, and that is nice - most folks ignore the instructions on running hijackthis and leave a bunch of apps running. My own log is short like yours, shorter, even. Rundll will show all the time it is handling a process from a dll, the … | |
Re: Fun times, kyle. Guess you could try this scan: ==Please use IE to do an online scan at panda:- [url]http://www.pandasoftware.com/products/activescan?[/url] -select a link to the scan... free online virus scan...., enter a valid? email and follow through, choosing My Computer for a full system scan. Post the log it produces … | |
Re: Ok, I'll bite. What exactly did your Trojanhunter remove? The logs appear identical apart from the appearance of that pgm and the loss of AVG AV. I see no problems in either log, malware problems, that is. I do see what appears to me to be far too many protection … | |
Re: hello, kained, please start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked. O4 - HKLM\..\Run: [mpeg heck log link] C:\Documents and Settings\All Users\Application Data\Joy coal mpeg heck\setup jugs.exe O4 - HKLM\..\Run: [bib bat meet link] C:\Documents and Settings\All … | |
Re: No, you did nothing wrong, it is just that I for one could not figure out any account-specific causes of your situation... sorry. A roundabout way out would be to create a new account for yourself and migrate over to it all the files from your old My Documents folder. … | |
Re: Hello, Ken, please start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked. O2 - BHO: (no name) - {01CD0B31-9154-45F2-9414-F5D64B74EAF6} - C:\WINDOWS\system32\wvusssq.dll (file missing) O2 - BHO: 0 - {3844D88F-F2C2-4409-B9A1-9322676A141D} - C:\Program Files\Internet Explorer\qukadotal859.dll (file missing) O2 - BHO: … | |
Re: Hello, chuc, I must say that I am intrigued by the structure of your Program Files directory... ==Download SmitfraudFix (by S!Ri) from [url]http://siri.urz.free.fr/Fix/SmitfraudFix.zip[/url] Extract the content (a folder named SmitfraudFix) to your Desktop. - Restart your computer in Safe Mode. - Open the SmitfraudFix folder and double-click SmitfraudFix.cmd, select option … | |
Re: Yeah, they do that sometimes. Log is clean, anyway. | |
Re: Hello, Carlos, this should fix your problem.. Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked. O4 - HKLM\..\Run: [qcazhevk] C:\WINDOWS\system32\qcazhevk.exe O4 - HKLM\..\Run: [juxkvmlxpw] C:\WINDOWS\system32\juxkvmlxpw.exe O23 - Service: Print Spooler Service (o1d68erye) - Unknown owner - C:\WINDOWS\system32\juxkvmlxpw.exe … | |
Re: It does not show. What is the popup advertising or saying? | |
Re: Hi, steek, first up, please run hijackthis in normal mode if possible when you require a log for checking; in safe mode not all processes are started, we may miss things. Right. =Please make a restore point because an infected restore point is better than no restore point at all. … | |
Re: There is always a way. Or two.... 1] don't mouse-over them - they are pretty obvious to see. Usually. 2] because they use javascript, disable that in your browser. But you might miss it. That is about it. Try not to use your pointer as a reading aid, books n newspapers … | |
Re: Please run one of these two rootkit scans, both if you wish... and post any positive results. Do not use your computer while it scans. ==Download the latest standalone version of Blacklight from [url]http://www.f-secure.com/blacklight/[/url] Install it, start, accept the agreement and Scan. ==AVG AntiRootkit from [url]http://free.grisoft.com/doc/5390/lng/us/tpl/v5[/url] | |
Re: ==Download this file to your desktop: [url]http://download.bleepingcomputer.com/sUBs/ComboFix.exe[/url] - to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply. A word of caution - do not touch your mouse/keyboard until the scan has … | |
Re: Use hijackthis to fix this entry: O4 - HKLM\..\RunServices: [firef0x log] firef0x.ex Delete this file: C:\WINDOWS\system32\firef0x.exe -you may need this: ==This one is a general purpose deleter, Unlocker 1.8.5: [url]http://filehippo.com/download_unlocker/[/url] Dclick the exe to install it, unchecking the updater and assistant boxes. It runs from the rclick context menu, and … | |
Re: Use hijackthis to fix this installer: O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - .. and then try again after uninstalling and deleting all AVG AS components you can find. No go? Then... ATF Cleaner: ==Download this temp file cleaner from [url]http://www.atribune.org/ccount/click.php?id=1[/url] --click in the download window to run it, and when ATF … | |
Re: "i have driver reinstallation cds; but not sure if they have windows." Me neither, but you are going to need a Windows Setup CD from someone. Borrow a copy that is the same std of upgrade as yours... eg SP2. When the "Welcome to Setup" screen appears, press R to … | |
Re: Nothing stands out in that log as an obvious cause of your problem. Do you still have MySQL in your sys? Something is trying to run it, there is a Service trying to start: O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing) ||| now C:\Program.exe is/was not … | |
Re: Easy. To call up the adjustment window you can rclick the lil time display in the taskbar, or you can Run timedate.cpl. That file is in system32, change it to timedate.cpl.bak. Odds on they won't think of going in there to fix their access. Unless they read this. | |
Re: Okay, let's see what we can do. A gamer's machine..... sigh... lotsa weird drivers and files. It appears that you have a vundo infection, or traces of one, so please rename hijackthis.exe to imabunny.exe - this is important. ==Please download VundoFix.exe to your desktop from [url]http://www.atribune.org/ccount/click.php?id=4[/url] =Restart your system in … | |
Re: You can do all this in safe mode: Run Smitfraudfix option2. Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://frontier.myway.com/[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://frontier.myway.com/[/url] O2 - BHO: MSVPS … | |
Re: scubette, if you post on a solved thread you are liable to get missed. No charge to start a new one... :) Anyway, what are we talking, LCD display? If so, in a darkened room when it goes black can you see faintly the displayed image? If so, it's the … | |
Re: Cool post. And it got cut off. No, don't fix them, from what I can see they would have been put there by a spyware guard or blocker service you are running - they are ads servers and otherwise undesirable sites just from quickly running my eye over a selection.. | |
Re: Hello, salty, ==Download SmitfraudFix (by S!Ri) from [url]http://siri.urz.free.fr/Fix/SmitfraudFix.zip[/url] Extract the content (a folder named SmitfraudFix) to your Desktop. - Restart your computer in Safe Mode. - Open the SmitfraudFix folder and double-click SmitfraudFix.cmd, select option #2 - Clean [type 2 and Enter] You will be prompted: "Registry cleaning - Do … | |
Re: Mmmm.. some pests block access to the CP; I guess they think that makes them safer. Dunno. ==Please copy the text between the lines to a notepad [format/wordwrap unchecked] and save as fixkey.reg, as type "all files", to your desktop; dclick it to run... agree; if it opens in notepad … | |
Re: JJ is your pet name for Windows? Fix these entries with hijackthis: O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O4 - HKCU\..\Run: [Tcjaxr] C:\JJ\?ppPatch\s?chost.exe O4 - HKCU\..\Run: [Ggkkntdd] C:\JJ\system32\s?stem32\d?dplay.exe Good. Now delete these files: C:\JJ\?ppPatch\s?chost.exe C:\JJ\system32\s?stem32\d?dplay.exe ... and these folders: C:\JJ\?ppPatch C:\JJ\system32\s?stem32 ... and post a new … | |
Re: Hello, jen... no, it just means we go outside n play occasionally. Lessee, a nice, light and clean installation you have there. Be even nicer with FF instead of IE7. Slowness.... right, I see you have One-care loaded up with Kaspersky AV. If you switch off One-Care's AV scanner/guard [can … | |
Re: I am confused... this is what happens when you piggyback on someone else's thread. Are you saying you have a winupdate.exe problem? That is a worm file, AS such as AVG AS will fix it. I cannot read this part of your SDFix log: Authorized Application Key Export - stop … | |
Re: Now delete your Smitfraudfix version and get the latest, 2.242, otherwise Crunchie will do his nut. And of course, present a new log. | |
Re: Dl these files onto a thumbdrive [the first will fit on a floppy]: ==Please download VundoFix.exe to your desktop from [url]http://www.atribune.org/ccount/click.php?id=4[/url] =Restart your system in Safe Mode. Double-click VundoFix.exe to start it. Click the Scan for Vundo button. When the scan completes click the Remove Vundo button. You will receive … | |
Re: Quite an armoury you ran. Love to see the Vundofix log you have.... but it did not finish its job - the trick is to run it a few times, as it cleans it "learns". You look to see that it has deleted all that it found, if not you … | |
Re: C:\WINDOWS\system32\9C4E99AAAD.sys C:\WINDOWS\system32\ADAA994E9C.sys I don't know what those two are, the names are a hash. You could check properties. C:\WINDOWS\system32\accwizl.exe - this one is probably bad. Only good pgms are being launched by those keys in the SDFix log. You should post a hijackthis log [see stickies] with your explanation of … | |
Re: Blank popups combined with that error? Obviously the host malware is scripted poorly. ==Get CCleaner from [url]http://www.ccleaner.com/[/url] - and put it in a new folder. You should keep this one for general use. I set the installation checkboxes only to open from the recycle bin. It's neater that way. Now … | |
Re: ==Download SmitfraudFix (by S!Ri) from [url]http://siri.urz.free.fr/Fix/SmitfraudFix.zip[/url] Extract the content (a folder named SmitfraudFix) to your Desktop. - Restart your computer in Safe Mode. - Open the SmitfraudFix folder and double-click SmitfraudFix.cmd, select option #2 - Clean [type 2 and Enter] You will be prompted: "Registry cleaning - Do you want … | |
Re: Hello, rocker. You see where it says this: Number of viruses found 0 Number of infected objects 0 Number of suspicious objects 0 -pretty much means nothing to worry about. Funnily enough, all those locked objects are legit... d:) ...er, your sys is clean. There are other scans, but Kaspersky … | |
Re: Hello, lofti... as Suspishio pointed out your sys is loaded, he has identified the culprits, more are hidden. I understand your trepidation - we can automate the removals if you wish.... Open a windows explorer folder, > tools > folder options > view, and -press Show hidden files and folders … | |
Re: Hello, Vman. For a start you must choose between Norton and AVG AV's - they conflict, and have unforeseeable effects - uninstall one of them. I see that you have MyWay Search Assistant [there, courtesy DELL]. You can get rid of it if you wish... First see if it is … | |
Re: You almost hit on the solution there yourself: you must use only ONE active AV because they conflict with unforeseeable consequences. Time to choose - AVG or Norman. Uninstall one. Always keep your firewall up.....ALWAYS. That is an outdated hijackthis version... [I hope that was the solution..] | |
Re: Well, the sys is obviously still pretty filthy, a repair would have fixed damaged sys files but not affect any malware that had their own files.... you've got 30 days to activate, why not run Panda now that you are online with it? Use CCleaner first. [url]http://www.ccleaner.com/[/url] ==Please use IE … | |
Re: Be nice to see your vundofix logs... Nothing shows there. Maybe you have infected [sys] files... dl this file from [url]http://noahdfear.geekstogo.com/FindAWF.exe[/url] -to your desktop, perhaps. -option 1: dclick the .exe to start the program, select option 1 to start the process. Please post the contents of the notepad that opens, … | |
Re: Hello, coach....[are only americans nicknamed coach?] - for a start, if you clicked a link [fine] and an activeX control immediately started downloading [not fine] you have your IE security settings WAY too low. Try medium as a minimum, that way you will be prompted for signed [owned] controls, and … | |
Re: By any small chance do you have the default program files directory on a drive other than the systemdrive? | |
Re: G'day, h8, you can access explorer via taskmanager, file, new task, enter explorer.exe. Use hijackthis to fix these entries: O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - [url]http://launch.gamespyarcade.com/soft...ch/alaunch.cab[/url] O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2 Delete this file also: C:\WINDOWS\\system32\AquaReal.ocx … | |
Re: Call it malware tools then. Don't build up a comprehensive collection of tools though apart from those which [auto-]update only the detection files - a lot of the tools we use are updated from week to week or more generally as required by developments, superseded versions may well be useless, … | |
Re: Hello, Sreddy, if you still need help could you start off with this, please? ==Download this temp file cleaner from [url]http://www.atribune.org/ccount/click.php?id=1[/url] --click in the download window to run it, and when ATF Cleaner opens go Select all, and then Empty Selected. Next click Firefox [if you have that browser..] at … | |
Re: "...print out a copy of..." Urk. TIF are the webpages you've visited, pages you've downloaded... some ppl leave the folder size setting as determined by windows setup, you could be talking 100+ MB of data. And most webpages for ease of editing/rebuilding are built up from 100's of individual items.. … | |
Re: Yep, you did, sometimes we're just way too slack here. I put it down to there being other, more fun or demanding things to do... You have one too many resident AV services, uninstall one and restart. They spend a lot of your CPU time checking each other out.... Use … |