Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

COMPUTER INFECTED?

Started by ecspoilprincess , Jan 02 2007 07:29 PM

  • This topic is locked This topic is locked

#31
ecspoilprincess
Posted 15 January 2007 - 05:17 PM

ecspoilprincess

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
did i do it right...
  • 0

Advertisements

#32
Excal
Posted 15 January 2007 - 08:06 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
You did fine :blink:


Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Processes - Non-Microsoft Only]
YY -> lrccwrte.exe -> %SystemDrive%\Documents and Settings\Admin\lrccwrte.exe
YY -> winstall.exe -> %SystemDrive%\winstall.exe
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> gwiz -> %System32%\ntsystem.exe
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> Windows installer -> %SystemDrive%\winstall.exe
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
YN -> C:^Documents and Settings^Admin^Start Menu^Programs^Startup^LimeWire On Startup.lnk -> %SystemDrive%\PROGRA~1\LimeWire\LimeWire.exe
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> AIM -> %ProgramFiles%\AIM\aim.exe -cnetwait.odl
YY -> gwiz -> %System32%\ntsystem.exe
YY -> PestTrap -> %ProgramFiles%\PestTrap\PestTrap.exe
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
YN -> ntoskrnl.dll -> ntoskrnl.dll
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 1
< Internet Explorer Settings > ->
YN -> HKLM: Local Page -> C:\windows\system32\blank.htm
YN -> HKCU: Local Page -> C:\windows\system32\blank.htm
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {2499216C-4BA5-11D5-BD9C-000103C116D5} -> Reg Data - Value does not exist [ButtonText: Yahoo! Login]
YN -> {3369AF0D-62E9-4bda-8103-B4C75499B578} -> Reg Data - Value does not exist [ButtonText: AOL Toolbar]
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} -> Reg Data - Value does not exist [ButtonText: Messenger]
YN -> {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research]
YN -> {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> &AOL Toolbar Search -> %ProgramFiles%\aol\aol toolbar 2.0\resources\en-US\local\search.htm
YN -> E&xport to Microsoft Excel ->
[Files - Created Wihin 30 days]
NY -> winstall.exe -> %SystemDrive%\winstall.exe
NY -> ntsystem.exe -> %System32%\ntsystem.exe
[ Extra Files ]
C:\program files\pesttrap\
C:\program files\limewire\
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. CLick the Ok button and you will be asked if you want to reboot. Click Yes.

After the reboot, locate the latest .log file in the WinPFind3u folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log) and post that back here.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Please post a Fresh HJT log also

thanks,

:whistling:

Excal
  • 0

#33
ecspoilprincess
Posted 24 January 2007 - 05:45 PM

ecspoilprincess

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi Excal,
Sorry it's been so long since i logged in but i haven"t been here at my moms house so yeah SORRYYY!!!!!!!!

when i did the RUN FIX. it never said anything it just froze .... thank you so much for all you help.....

Edited by ecspoilprincess, 24 January 2007 - 06:12 PM.

  • 0

#34
Excal
Posted 24 January 2007 - 06:56 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
How are you :) Glad to see you back :help:

I like your other picture better!!! :blink:



can you try that in safe mode please


Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

:whistling:


Excal
  • 0

#35
Excal
Posted 10 February 2007 - 02:48 AM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP