cohen 17 Practically a Posting Shark Featured Poster

yeah, same stuff in mine, no balloons and streamers, just the same junk you have. i also only signed up for the win7 dvd's. i found out about it through the Microsoft MVP program. the story on that one starts a while back: i was contacted on this forum by someone saying they were part of the mvp program and wanted to nominate me. i guess so many Canadians get nominated. first i said no [also didn't think i qualified and still don't], thinking it was maybe a scam, but was assured it wasn't, so i agreed. so i got nominated, for my helping here on this forum. i told the guy i was just a good Googler! lol. my prize! i received a 150.00$ certificate for the online Microsoft store, and a one year subscription to Microsoft netlife, the magazine and the website, value over 300.00$. the site gives me access to all microsoft software and Os's from 3.1 on, with working keys, even download. i have a fully working 90 day trial of win7 premium. anyway, a long story short, its all a bit over my head, and im the first one to admit it. most nominees are IT people. not me

https://mvp.support.microsoft.com/gp/aboutmvp

That's awesome! I was so happy about getting Windows 7, it is really good.

Congratulations on winning as well.

cohen 17 Practically a Posting Shark Featured Poster

and balloons and streamers and a puzzle. lol

I wrote a small article about it ;)

http://cohenl.info/blog/microsoft/windows-7-article/

cohen 17 Practically a Posting Shark Featured Poster

You can just do a php include arrangement. That is what i have done.

It's pretty easy to do. Google will help you with that sort of stuff.

cohen 17 Practically a Posting Shark Featured Poster

Are you trying to do this locally on the computer? as in trying to view the image or
Are you trying to view this page on a web server?

What i do is in the folder where all the HTML files are, i have another folder called "images" with all the site images in there.

Then i would go into dreamweaver (which is what i use to edit my site) and then map to the image. If you have it working properly, you shouldn't need any of the C:\Users etc

If you need help with this, i can help you. I can do it for you if you would like.

cohen 17 Practically a Posting Shark Featured Poster

I got win 7 the same way.

Probably because the computer is so old, you will need at least windows vista drivers. I found that out.

cohen 17 Practically a Posting Shark Featured Poster

As Crunchie said, Avast.

I highly recommend it, it has stopped many things on my desktop, and my previous laptop.

So, all in all, Avast is the best!

Cohen

cohen 17 Practically a Posting Shark Featured Poster

Alright,

Can you pls go into Add / Remove Programs - Start > Control Panel > Add / Remove Programs, and remove all Java Components

Then go to www.java.com and download and install the latest Java.

Reboot your Computer.

Then run HJT again and post the log.

I'm worried about a few HJT entries....

O2 - BHO: (no name) - {28A86322-95FF-444A-A36F-136FA8036E09} - C:\WINDOWS\system32\opnkkjHX.dll (file missing) - I found no information on this
O2 - BHO: (no name) - {DC566DF9-3EFF-4A27-94C5-779179F740D2} - C:\WINDOWS\system32\xxyyVMdE.dll (file missing) - I also found no information on this....

I'll see what jholland and / or crunchie have to say.

Thanks,

Cohen

cohen 17 Practically a Posting Shark Featured Poster

Log Looks Clean to me :)

Just make sure the Viewpoint Manager doesn't appear in the Add / remove Programs (Control Panel > Add / Remove Programs), If it is, uninstall it.

Otherwise, it's good to me :)

Cohen :)

cohen 17 Practically a Posting Shark Featured Poster

The only pc I would put Norton on to is one belonging to my worst enemy.
Uninstall AVG and give AVAST a try.

lol, i totally agree!

Cohen

cohen 17 Practically a Posting Shark Featured Poster

Beautiful.

Alright, well if you have any problems, pls come back and we can proceed with further instructions and removal tools.

Cohen

cohen 17 Practically a Posting Shark Featured Poster

Alright:

Pls do the following, and follow the instructions carefully.

================

Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update:
Updating Java:

  • Go to Start > Control Panel double-click Add or Remove Programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment…. )
    Select it and click Remove.
  • Then Download and install the newest version from here:

    http://www.java.com/en/download/manual.jsp

Reboot your computer

=================

Run HJT and mark a check next to the following:

O20 - AppInit_DLLs: c:\windows\system32\namurelu.dll c:\windows\system32\fuduyefi.dll,C:\WINDOWS\system32\masedaro.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\pg\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\pg\PartyPoker\RunApp.exe (file missing)
O4 - HKUS\S-1-5-19\..\Run: [salapowore] Rundll32.exe "C:\WINDOWS\system32\lunanosi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [salapowore] Rundll32.exe "C:\WINDOWS\system32\lunanosi.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0 (User 'Default user')
O4 - HKLM\..\Run: [ccPrxy.exe] ccPrxy.exe
O2 - BHO: (no name) - {0716104c-d420-435c-ac5c-4f27f8715d00} - C:\WINDOWS\system32\ropefove.dll
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
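
An added example, not part of the original post or of HijackThis itself: a small Python parser for the entry format quoted in the post above (section code, label, value) that pulls out the file targets and attaches reviewer hints. The sample lines are copied from entries quoted on this page; the hint rules and the function names are assumptions made for illustration, and a hint is a prompt to look closer, not a verdict.

```python
import re
from collections import Counter

# Sample lines copied from HijackThis entries quoted in the posts on this page.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {28A86322-95FF-444A-A36F-136FA8036E09} - C:\WINDOWS\system32\opnkkjHX.dll (file missing)
O2 - BHO: (no name) - {0716104c-d420-435c-ac5c-4f27f8715d00} - C:\WINDOWS\system32\ropefove.dll
O4 - HKLM\..\Run: [ccPrxy.exe] ccPrxy.exe
O4 - HKUS\S-1-5-19\..\Run: [salapowore] Rundll32.exe "C:\WINDOWS\system32\lunanosi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [salapowore] Rundll32.exe "C:\WINDOWS\system32\lunanosi.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: c:\windows\system32\namurelu.dll c:\windows\system32\fuduyefi.dll,C:\WINDOWS\system32\masedaro.dll
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Absolute Windows path ending in .dll or .exe (assumed sufficient for these logs).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|,\r\n]*?\.(?:dll|exe)\b', re.I)


def parse_line(line):
    """Split one HJT line into section code, label, value and file targets."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header lines, blank lines, running-process list, etc.
    code, body = m.groups()
    label, sep, value = body.partition(": ")
    if not sep:  # R-section lines carry no "label: " part
        label, value = "", body
    return {
        "code": code,
        "label": label,
        "value": value,
        "targets": [p.lower() for p in PATH_RE.findall(value)],
        "missing": "(file missing)" in value,
    }


def triage_hints(entry):
    """Reviewer hints for one entry (illustrative rules, not HijackThis output)."""
    hints = []
    code, value = entry["code"], entry["value"].lower()
    if entry["missing"]:
        hints.append("target file missing")
    if code == "O20":
        hints.append("AppInit_DLLs: loaded into every process that loads user32.dll")
    if code == "O2":
        hints.append("BHO: loaded inside Internet Explorer")
    if code == "O4" and "rundll32" in value and entry["targets"]:
        hints.append("autorun loads a DLL through rundll32")
    if code == "O4" and not entry["targets"]:
        hints.append("autorun without an absolute path")
    if code in ("R0", "R1") and "proxyserver" in value:
        hints.append("Internet Explorer proxy setting present")
    return hints


def review(log_text):
    """Return (entries with hints, file targets referenced by more than one entry)."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    for e in entries:
        e["hints"] = triage_hints(e)
    counts = Counter(t for e in entries for t in e["targets"])
    repeated = {t: n for t, n in counts.items() if n > 1}
    return entries, repeated


if __name__ == "__main__":
    entries, repeated = review(SAMPLE_LOG)
    for e in entries:
        print(e["code"], e["label"] or "-", e["targets"], e["hints"])
    print("referenced by several entries:", repeated)
```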

cohen 17 Practically a Posting Shark Featured Poster

Alright, there are a few things that need to be fixed.

Bear with me, i'll type up some instructions.

Cohen

cohen 17 Practically a Posting Shark Featured Poster

Can you pls download and use the latest HJT.

Download it from here.

Thanks,

Cohen

cohen 17 Practically a Posting Shark Featured Poster

Hello,

Can you pls do the following:

1. - Download Malwarebytes' Anti-Malware (http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

2. – Pls Run HJT again and post the log.

In your reply, post the logs (in this order):
1. - Malware Bytes Log
2. - Hijackthis Log

Thanks,

Cohen

cohen 17 Practically a Posting Shark Featured Poster

No, but the virus could cause it to lag, crash, or anything, so i would recommend that we get the virus fixed before you do that.

Sorry,

Cohen

cohen 17 Practically a Posting Shark Featured Poster

Pls follow my instructions because your MBA-M is out of date and you took no action, so it means it did nothing! So you need to follow my instructions

Also, to update MBA-M go under the update tab and update it.

Thanks,

Cohen

cohen 17 Practically a Posting Shark Featured Poster

Easiest way is booting into safe mode....

But, otherwise use Malwarebytes Anti-Malware, that is the best way. So we can make sure that the virus has gone. Pls do the following:

Can you pls do the following:

1. - Download Malwarebytes' Anti-Malware (http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

2. Now, we need a HJT log.
Click Here to download HJT V2.0.2
* Save HJTsetup.exe to your desktop.
* Double click on the HJTsetup.exe icon on your desktop.
* By default it will install to C:\Program Files\Hijack This.
* Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks …

cohen 17 Practically a Posting Shark Featured Poster

thakkar2000,

Pls do the following:

1. - Your MBA-M is out of date, pls do the following:

* Open MBA-M
* Go into the update tab
* Hit Update, the Latest version is 1.31 and Database version 1533.
* Once the update has been completed, go into the Main Menu and Select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

2. - Pls run HJT again and post the log.

In your reply, post the logs (in this order):
1. - Malware Bytes Log
2. - Hijackthis Log

Thanks,

Cohen

cohen 17 Practically a Posting Shark Featured Poster

There are a few things i want you to fix, but i'll wait for crunchie to post back with his instructions.

Cohen

cohen 17 Practically a Posting Shark Featured Poster

Alright, here we go.

============

Go into Control Panel. Then into Add / Remove Programs and Remove All the Java Components.

Then go to www.java.com and download and install the latest Java.

Reboot your PC.

cohen 17 Practically a Posting Shark Featured Poster

Alright,

there are a few things that need to be fixed, i'll get back to you with instructions.

Cohen

cohen 17 Practically a Posting Shark Featured Poster

Alright, can you do the following:

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


Thanks,

Cohen

cohen 17 Practically a Posting Shark Featured Poster

kekerules - How is your PC going now??? Are you still having problems????

There are still a few things that still need to happen, but i just want a report first.

Thanks,

Cohen

cohen 17 Practically a Posting Shark Featured Poster

kekerules - Pls download the latest HJT from here.

Also, can you pls follow the below instructions for Malwarebytes. Can you pls follow my instructions very carefully!!

1. - * Go into MBA-M
* Go under the update tab, and update it. - The Latest Database version is 1529 or higher. And Version 1.31 for Malwarebytes.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

2. - Also can you pls download the latest hijackthis and post the log.

In your reply, post the logs (in this order):
1. - Malware Bytes Log
2. - Hijackthis Log

Thanks,

Cohen

cohen 17 Practically a Posting Shark Featured Poster

Just looking at your combo fix log, it looks like your java is out of date.

Can you pls go into control panel > add / remove programs, and remove all Java Components.

Then go to www.java.com and download and install the latest Java.

Thanks,

Cohen

lcmom01 commented: Very helpful +1
cohen 17 Practically a Posting Shark Featured Poster

aaahhh... yes, it is a setting under Internet Explorer, Reset all of the settings and then you should be right.

Cohen

cohen 17 Practically a Posting Shark Featured Poster

Beautiful, Log Looks Clean to me :)

Are you still having problems?

Cohen

cohen 17 Practically a Posting Shark Featured Poster

* Pls run Hijackthis, mark a check next to the following:

O4 - Global Startup: Event Reminder.lnk = ?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0


* Then, fix them.
* Reboot your computer
* Run HJT again and post a new log.

Thanks,

Cohen

cohen 17 Practically a Posting Shark Featured Poster

Beautiful, just next time pls post your combo fix in a reply.

Also, bear with me, i'll type up some more instructions, some things need to be fixed.

Thanks,

Cohen

cohen 17 Practically a Posting Shark Featured Poster

lol, Crunchie and i posted at the same time :P

Cohen

cohen 17 Practically a Posting Shark Featured Poster

Alright, there are still signs of infection.

Can you pls do the following:

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Thanks,

Cohen

cohen 17 Practically a Posting Shark Featured Poster

Follow as Crunchie said, here are some clearer instructions for MBA-M


* Update MBA-M, the latest MBA-M is 1.31 and Database Version 1525 or higher
* Once the program has updated, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

In your reply, post a fresh Hijackthis log as well as the MBA-M log.

Thanks,

Cohen

cohen 17 Practically a Posting Shark Featured Poster

Hello. OK I've done all that.

Couldn't find that file despite having 'show hidden files' on.
Will fixing those 2 items on the hijack list have got rid of the trojan.bho that comes up on malwarebytes? It's not removing it on reboot..
Thanks.

Alright sounds like it is still there.

As for the Entries, they are to fix a few things on your PC, but not necessarily for the trojan.

Pls do the following:

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Thanks,

Cohen

cohen 17 Practically a Posting Shark Featured Poster

Alright,

Can you pls update your MBA-M, update it under the update tab, it should be database 1512 or higher. Then pls run a scan again.

Then, download Hijackthis, run a scan and post the log.

Thanks,

Cohen

cohen 17 Practically a Posting Shark Featured Poster

Try using internet explorer.

Cohen

Jer3mytmz commented: great help ! +1
cohen 17 Practically a Posting Shark Featured Poster

Alright, download it from here.

Continue my instructions as posted previously.

Thanks,

Cohen

cohen 17 Practically a Posting Shark Featured Poster

Hello,

Alright, let's try combo fix.

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please post that log in a reply.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Thanks,

Cohen

cohen 17 Practically a Posting Shark Featured Poster

Alright, Sounds like Malwarebytes has fixed the problem.. There are still a few things that need to be done.

==============
First

Pls go to www.java.com and update your java. As it is way out of date.

==============

Second

Can you pls open HJT, and run a scan only!
Find the O4 - Global Startup: VersionTrackerPro.lnk = ? entry and mark it.
Then click Fix it.
Once you have done that, rescan, save the log and post it in a reply.

===========

Post back with the new HJT log, just so we can make sure everything has been taken care of.

Thanks,

Cohen

cohen 17 Practically a Posting Shark Featured Poster

All clear, from my end :)

Go ahead with Creating a System Restore Point.

Once that is done.

Then, it's clear and clean.

Just remember if you have any other problems to come back with a HJT and a MBA-M log.

I also recommend running MBA-M weekly, just to keep things nice, and remembering to update it before running a scan and doing a full scan, all of the time.

Also, there are some processes running that are not needed and can be prevented from starting, so i recommend following these instructions here, and stopping a few things upon start up.

Good Luck.

Thanks,

Cohen :)

cohen 17 Practically a Posting Shark Featured Poster

Alright,

First of all, your java is out of date, so can you go to www.java.com and download and install the latest java.

Second, Malwarebytes is still out of date for that last log.

* Pls go under the Update Tab and update Malwarebytes (MBA-M).
* Once that is updated, the database version should be 1504 or higher.
* Run a full Scan
* If anything is found, remove everything!
* Reboot your computer
* Then, run HJT, and run a scan.
* Then, in a reply, post back with both the HJT and the MBA-M log.

Thanks,

Cohen

cohen 17 Practically a Posting Shark Featured Poster

Yes, pls uninstall Combo Fix by going Start > Run > Type "combofix / u" (without the "") Then Continue.

If you need further help, visit here.

That will remove the quarantined folder as well.

Thanks,

Cohen

cohen 17 Practically a Posting Shark Featured Poster

OK, can you pls update your Java. Go to www.java.com and update it pls.

Then go into control panel and remove viewpoint manager. (Start > Control Panel > add / remove programs > remove viewpoint manager)

Then reboot your computer.

Run HJT again and post a new fresh HJT log.

Thanks,

Cohen

cohen 17 Practically a Posting Shark Featured Poster

Alright, everything looks up to date and Viewpoint is removed and gone.

That's a nice clean log :)

Cohen

cohen 17 Practically a Posting Shark Featured Poster

ok done... so that's it?

Pls run HJT again and post back with a fresh log, so we can check that everything is fine.

Thanks,

Cohen

cohen 17 Practically a Posting Shark Featured Poster

Pls do the following:

1. - Download Malwarebytes' Anti-Malware (http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

2. - Download hijackthis and post the log.

In your reply, post the logs (in this order):
1. - Malware Bytes Log
2. - Hijackthis Log

Thanks,

Cohen

cohen 17 Practically a Posting Shark Featured Poster

From what i can see, yes you are clean...

But wait for either Judy or Crunchie to come along and confirm it.

But one more thing, you have viewpoint manager installed, and i recommend you uninstall it.

Start > Control Panel > Add / Remove Programs > Remove Viewpoint Manager.

Once you have done that, reboot, and post back with a fresh HJT log, so then i can make sure that is completely removed.

Thanks,

Cohen

cohen 17 Practically a Posting Shark Featured Poster

Let me work in Word and Access for a bit and see how they perform. No problems yet and I've had Word open for about an hour (previously it would have crashed a bunch of times by now, so it seems a lot better). I will get on here tomorrow and let you know how it all is going. If it is good then I will pronounce this thread "Solved". Thanks a million for the assistance.

K

Beautiful,

Cohen

cohen 17 Practically a Posting Shark Featured Poster

Reboot and then run HJT.

Thanks,

Cohen

cohen 17 Practically a Posting Shark Featured Poster

do i need to run a full scan, or can i run the quick scan? full scan takes HOURS

A quick scan will do.

And a full scan shouldn't take hours, should take maximum 2 hours or so.....

Anyway, quick scan will be fine.

Thanks,

Cohen

cohen 17 Practically a Posting Shark Featured Poster

The recovery partition will still work.

OK, good,

Now pls update and run MBA-M again... and then remove everything it finds, reboot it, post the MBA-M log as well as a fresh HJT log.

Thanks,

Cohen