2,042 Posted Topics
 | Naturally enough. Defender can't .. never mind. You are in the wrong forum; cart your plaint over to Viruses n Nasties, read and follow the top sticky. Post there. |
 | Yep, it's okay to fix those O2's and the kernelfaultcheck entry. The HP lightscribe thing is so you can write graphics to your [special] CD labels... |
| | ==Download fixwareout from [url]http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe[/url] - and save it to your desktop. Double click Fixwareout.exe to start the Fixwareout Setup Wizard, click next and then install. Ensure that Run fixit is checked, and click on Finish. After the fix follow the prompts. You will be asked to reboot your computer, and … |
| | Urk... see if this helps: ==Get CCleaner from [url]http://www.ccleaner.com/[/url] - and put it in a new folder. You should aim to keep this one for general use. I set it from the installation checkboxes to only open from the recycle bin. It's neater that way. Now run CCleaner from the … |
| | "My computer is working ok"... oh no, it's not. Either your CD is dirty.... or your RAM is unhappy.. replug/swap it, try again. |
| | Re: Help please Okay, Steven, I'll pick it up for you because Crunchie is taking a break. I just hope it is not too long a one... he does the best work. Btw, hijackthis must be run in Normal mode when producing a scan for us. Please delete `C:\vundofix.txt. Rename hijackthis .exe to … |
| | Hello, Sol. Because I do not know when you started trying to remove your pests, I would like to start from scratch, so please delete your copies of ComboFix, C:\combofix.txt, Vundofix, C:\vundofix.txt. Great. You still have a bit of Symantec running - could you try to uninstall it? If it … |
| | Re: help me Ok, I can look kindly on a cry for aid... goggle for logonstudio... there you will find free software, a fantastic selection of artful and wild images, and all the help you need. With a bit of thinking you will be able to take a logon image without the logon … |
| | I have no idea how AV approaches scans of packed files.. CABs, RARs, ZIPs etc. But I would guess that it has to unpack em first, and so I am next guessing that your Windows Installer is a bit broken? Guessing.... SVI pword protected? Weird. Some things like Daemon tools … |
 | Yes, they do. Vundo is one obvious one that shuts its processes, removes its keys, when it sees hijackthis start. But sometimes we can tell if Vundo is active by other traces and so ask for the cleaning tool to be run without confirming the files and keys are there … |
| | I'm sorry, Dan, but I for one just do not have the time to scan a file like that. And Windows 98 is way before my time...... Dan, grab these: Unlocker 1.8.5 ==This one is a general purpose deleter, Unlocker 1.8.5: [url]http://filehippo.com/download_unlocker/[/url] Dclick the exe to install it, unchecking the … |
| | Jus thow did you reformat the HD? With what tool? |
| | Hello. OneStep is something you "agreed" to dl, prob on the back of some free tool.. Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked. O4 - Startup: Sonic CinePlayer Quick Launch.lnk.disabled O4 - Global Startup: Ulead Photo … |
| | annamarie, just fix any Rx entries in the hijackthis scan log the refer to HP or AOL [or indeed to any that you don't like or want there..], and check O14 for entries that will automatically reset your default browser homepage to HP etc. Fix those too. |
 | You still have the problem, mix? Cos your last log shows this desktop item... O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\prokyko.html O24 - Desktop Component 1: (no name) - C:\Program Files\ComPlus Applications\prokyko.html Fix them both and delete the two files referred to. Rclick your desktop in … |
| | Looks clean. System Restore Points Clearance: ==You MUST clear all your system restore points because some have been infected.... AVG may have cleaned them, but we cannot be sure it found everything. So go control panel > system > system restore tab, check Turn off sys res on all drives, … |
| | I can be the bearer of indifferent news. Log's clean, although for us to be more certain you shoulda renamed hijackthis.exe as imabunny.exe before you ran it, not the txt file... you could fix this item for a legit item you deleted. [AVG7 is the virus hunter, btw, AVG 7.5 … |
| | Aero, you should have only two copies of that file. svchost.exe lives in and runs from system32\; the copy in i386 is the backup copy used by windows file protection system. Delete the duplicate in system32. If you run system file checker it will examine the file in system32 and … |
| | Look, that's a pretty filthy sys there.... has/had vundo, got a couple worms/backdoor hacks, miscellaneous others - what have you got against a format, installation? Anyway, let's see what this does: It appears that you have a vundo infection, or traces of one, so please rename hijackthis.exe to imabunny.exe - … |
| | Greentree, almost wasting my time here, fixing this, cos you are running a naked XP there, with no SP2 - how you have survived this long is wondrous. Do these things.. see what happens: ==Download fixwareout from [url]http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe[/url] - and save it to your desktop. Double click Fixwareout.exe to start … |
| | Michelle, it appears that you do have a vundo infection, or traces of one, so please rename hijackthis.exe to imabunny.exe - this is important. ==Please download VundoFix.exe to your desktop from [url]http://www.atribune.org/ccount/click.php?id=4[/url] Restart your system in Safe Mode. *****!! Double-click VundoFix.exe to start it. Click the Scan for Vundo button. … |
| | Ok, I can see that you are having fun trying, so I'll give you a gentle shove in what I think is the right direction: did you get your vundofix from here? It won't hurt to delete your copy n get a fresh one.... [url]http://www.atribune.org/ccount/click.php?id=4[/url] Run it in Safe Mode. … |
| | What a brazen come-on!! :) K... a couple of things there, let's move em out. Either: go Control panel > folder options OR: in an explorer window > tools>folder options; - then view tab, and press Show hidden files and folders. Download fixwareout from http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe[/url] - and save it to … |
| | Hello, Gary... you could just do this, use hijackthis to fix the following entry and then delete its file: O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll ..But I would like to see if Combofix is set up to deal with it properly - there are a lot of reg … |
| | You might want to use hijackthis to fix these two entries. The first is a random downloader pest which will tie up your web connection. O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - [url]http://launch.gamespyarcade.com/soft...ch/alaunch.cab[/url] O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - [url]http://ps.itv.mop.com/dn/files/pCast....94_signed.cab[/url] Cheers. |
| | Re: win32.agent.aga Brilliant. You musta known we couldn't read that... Post a hijackthis log, please? ==download hijackthis: [url]http://www.majorgeeks.com/download5554.html[/url] -install it to a new folder alongside your program files and then rename the Hijackthis.exe to imabunny.exe. Okay, I got it from the page source, it's a backdoor trojan, Ciadoor. ==GET AVG antispyware 7.5 … |
| | One problem you have that is easy to solve: remove one of you resident AV scanners, now. Very impt to have only one. Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked. O2 - BHO: (no name) - … |
| | Interesting. Could you pls do this [it is only the second time I have been presented with AVsystem care, and that other chap didn come back, so bear with me, please...]? ==Download SmitfraudFix (by S!Ri) from [url]http://siri.urz.free.fr/Fix/SmitfraudFix.zip[/url] Extract the content (a folder named SmitfraudFix) to your Desktop. - Open the … |
| | Log's clean. Suggest overheating, or dodgy PSU as first items to check. |
 | It does sound as if some of the pgms in your OS which handle web browsing have become corrupted. Now I am not sure, but I would imagine that browsers other than IE use some of the OS's dlls to run various processes, such as handling html etc..., so as … |
| | Goggle for Rest2514. Another is PCI Filerecovery. Both free, both fast, both simple, both good. |
| | Re: Virus Trouble It's possibly a vundo infection... ==download hijackthis: [url]http://www.majorgeeks.com/download5554.html[/url] -install it to a new folder alongside your program files and then rename the Hijackthis.exe to imabunny.exe. -in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis. -click … |
| | |
| | Every instance of an open webpage will have at least one connection, to secure sites there could be several; a couple running for your system [internal], multitab browsers such as firefox, opera will have at least one per tab. And so on. But a hundred or so? Wow... typically I … |
| | Sarah, start hijackthis and then select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked. O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file) O2 - BHO: (no name) - … |
| | Mozilla cookies... unlike with opera or IE it does not seem possible direct cookies anywhere special. The end location is set in the script somewhere? Default preferences. Anyway, where they end up in a working firefox is at %systemdrive%\documents and settings\user [that's your login..]\application data\mozilla\firefox\profiles\coded mumbo.j.default\cookies.txt Phew!. If you have … |
 | A M$ .doc is just code - ascii text plus formatting code for colours, shapes, arrangement; a .gif is a coded image map of pixels, the code may contain instructions for presenting multiple images [if they exist] embedded in the .gif file, and the two are way different. You will … |
| | Hello, it would have been nice to have seen the vundo report.... vundofix would have deleted the files it found, but there appear to be more, certainly you have other malware there. Let's do this: Please rename hijackthis.exe to imabunny.exe - this is important. I see that you ran vundofix … |
| | If you goggle boot.bmp you will find simple instructions and a lot of free loading screen pics to select from. You can do it in far more "invasive" ways too, but personally i don't see the point... my loading screen is up for <6 secs.. and I'm generally not watching … |
| | Heh.. brothers... HiJackThis: ==download hijackthis: [url]http://www.majorgeeks.com/download5554.html[/url] -install it to a new folder alongside your program files. -in that folder start HijackThis by dclicking the .exe, select Open Misc Tools Section, check List minor Sections and press Generate Startup List.... And if it does not show up on that there is … |
 | Janis, there is nothing wrong that shows on your log. You could use hijackthis to fix this entry - it's merely for an installer that has done its job and does not need to be on the autostart list: O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\JANISH~1\LOCALS~1\Temp\{C08042A7-7489-4744-9262-F52912808DF5}\ {D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009" Frankly, if chkdsk warned … |
 | "Run as" is a sandbox [the top button...], a virtual environment windows creates to run the pgm. It allows the pgm to do as you wish it to data files, but will not permit it to change registry entries, or modify the OS. Think of Run as as a new … |
| | If you do not use M$ apps like office etc then restrict your updating to Windows updates only - this results in you getting security updates only. If you are interested in this then go programs > microsoft update, when the web page loads hit options and make your selection … |
| | Please do this so that we are not blind: ==download hijackthis: [url]http://www.majorgeeks.com/download5554.html[/url] -install it to a new folder alongside your program files and then rename the Hijackthis.exe to imabunny.exe. -in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer … |
| | There are no malware issues showing in that log. Slowness could be from the large number of processes evidently running - I suggest you look seriously at the items in your startup list -many are reflected in those O4 entries, and cut those which are of no use, or which … |
| | Jenjen, you do not have a virus or any malware showing in that log. But I STRONGLY advise you to remove one of your resident AV services, either Mcafee or AVG - they will conflict so badly anything can happen. Do it now. Next, to clean up a bit, start … |
 | First, go to add/remove pgms and uninstall MyWebSearch, then delete the pgm folder of that name. This is your main problem : O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe And then there is this, a pest: O8 - Extra context menu item: &Search - [url]http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm021YYGB[/url] -fix both with hijackthis, then delete the … |
| | Re: windows no disk just copynpaste it in the clear from the notepad log, don't hide it in an attachment. [but just so you know, attaching files is in Go Advanced tab. Don't use it for the log, tho.] |
| | Azriel, you MUST remove one of your resident AV services. One is all you may run, cos they interfere. |
| | Hello Kevin, you ran this scan in safe mode... it does not show us everything that is going on. Use normal mode. Go to add/remove pgms and remove these : NewDotNet RXToolBar Need2Find ==Download SmitfraudFix (by S!Ri) from [url]http://siri.urz.free.fr/Fix/SmitfraudFix.zip[/url] Extract the content (a folder named SmitfraudFix) to your Desktop. - …  |
The End.