
M comp is Infected?


  • This topic is locked

#16
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi Legend,


Apparently the big infection is gone, now we must take care of the smaller ones.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Now let's do some work on your log:

First we need to make all files and folders VISIBLE:

Go to start>control panel>folder options>view (tab)
*choose to "show hidden files and folders,"
*uncheck the "hide protected operating system files" and the "hide extensions for known file types" boxes.
*Close the window with ok
*All hidden files will now be visible

Close all browser windows and RUN HijackThis.
. Click the SCAN button to produce a log.
. Click the Config button located in the lower right hand corner of the HijackThis window.
. When the new screen opens, find and click the Miscellaneous Tools button.
. Then choose the Open Process Manager button.
. From the list of processes, highlight the following items by clicking them, ONE AT A TIME, then DELETE them by clicking the KILL button:

C:\WINDOWS\TFPDENC.EXE
C:\WINDOWS\QDNYDLL.EXE
C:\WINDOWS\system32\svphost.exe


Once all items have been KILLED, click the Back button which will return you to the HijackThis main window. Now place a check mark beside each one of the following items:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
O4 - HKLM\..\Run: [TFPDENC] C:\WINDOWS\TFPDENC.EXE
O4 - HKLM\..\Run: [QDNYDLL] C:\WINDOWS\QDNYDLL.EXE
O4 - HKLM\..\RunServices: [Microsoft Windows Update] scvvhost.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] scvvhost.exe
O4 - HKCU\..\Run: [svphost.exe] C:\WINDOWS\system32\svphost.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab


Now with all the items selected, delete them by clicking the FIX checked button. Close the HijackThis window and Reboot Your System in Safe Mode.

How to use the F8 method to Start Your Computer in Safe Mode

*Restart the computer.
*as soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
*Use the arrow keys to select the Safe mode menu item
*press Enter.


Using Windows Explorer, locate the following files and DELETE them (if they are present):

C:\WINDOWS\TFPDENC.EXE
C:\WINDOWS\QDNYDLL.EXE
C:\WINDOWS\system32\svphost.exe
scvvhost.exe

Exit Explorer, and REBOOT BACK INTO NORMAL MODE

Finally, RUN HijackThis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.

Regards,

Trevuren

  • 0
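
The O4 autorun lines fixed in the post above can also be triaged by script. This is an added example, not part of the original post or of HijackThis: it parses O4 lines and flags executables whose names are a near miss of `svchost.exe`, as `svphost.exe` and `scvvhost.exe` are. The `ExampleTray` line, the `SYSTEM_NAMES` list and the distance threshold are assumptions made for the illustration.

```python
import re

# Constructed sample: O4 lines quoted in the post, plus one invented benign
# entry (ExampleTray) for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TFPDENC] C:\WINDOWS\TFPDENC.EXE
O4 - HKLM\..\RunServices: [Microsoft Windows Update] scvvhost.exe
O4 - HKCU\..\Run: [svphost.exe] C:\WINDOWS\system32\svphost.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
EXE_RE = re.compile(r'([^\\/"]+?\.exe)', re.IGNORECASE)
SYSTEM_NAMES = ("svchost.exe",)  # assumption: extend with other system binaries


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_o4(log):
    """Return (hive, key, value_name, command) for each O4 autorun line."""
    lines = map(str.strip, log.splitlines())
    return [m.groups() for m in map(O4_RE.match, lines) if m]


def flag_lookalikes(log, max_dist=2):
    """Flag autoruns whose executable is a near miss of a system binary name."""
    hits = []
    for hive, key, name, command in parse_o4(log):
        m = EXE_RE.search(command)
        if not m:
            continue
        exe = m.group(1).lower()
        for known in SYSTEM_NAMES:
            dist = edit_distance(exe, known)
            if 0 < dist <= max_dist:  # 0 is the genuine name; path checks are out of scope
                hits.append((f"{hive}\\{key}", name, exe, known, dist))
    return hits


if __name__ == "__main__":
    for hit in flag_lookalikes(SAMPLE_LOG):
        print(hit)
```

A name-distance check only catches lookalikes; an entry such as `TFPDENC.EXE` passes it and still needs the manual review described in the post.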


#17
Legend

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Is there something still wrong with mah comp? Is it still infected?
  • 0

#18
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi Legend,

Please send me a fresh HJT log and I will be able to answer your question.
Better get it to me today, if possible, for I am leaving for a week.


Trevuren
  • 0

#19
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
TO ADMINISTRATION

This topic is closed due to inactivity. Should the original poster need it reopened, please contact a staff member.

Trevuren
  • 0





