Computer is slow and sometimes freezes. POS files. [RESOLVED]


  • This topic is locked

#1
lilnoob

lilnoob

    New Member

  • Member
  • Pip
  • 4 posts
Hi...

I know this kinda looks bad as a start because I'm a new member and already asking for help.

Just as the description states, Pos.tmp files are all over my "My Documents" and "C: drive",
and even if I delete them they still come back.


Thank you for your help and time.

~lilnoob~
  • 0



#2
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hi there,

Welcome to GeeksToGo. My name is RatHat, and I will help you get through the process of cleaning the malware from your computer. It's no problem that you are asking for help, that's what we are here for!


OK firstly, I need you to print out each post I make so that you can refer to it while we fix your computer. This is because there will be times when you are unable to be online to read my instructions, and I will want you to do everything very carefully. I also need you to follow my instructions in the order that they are given. If however, you cannot carry out one of them, please continue on with the next and let me know what you were unsuccessful with.

Next, I would like to make sure that you can view hidden files and folders;
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading SELECT Show hidden files and folders.
  • UNCHECK the Hide protected operating system files (recommended) option.
  • UNCHECK the Hide extensions for known file types option.
  • Click Yes to confirm.
  • Click OK.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Download WinPFind35 Beta to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save it to your desktop as WinPFind.txt.

Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Now you will need to download Hijackthis and post a log, so please follow the guidelines below:
  • Click here to download HijackThis.exe
  • Save HijackThis.exe to your desktop.
  • Doubleclick on the HijackThis.exe icon on your desktop.
  • By default it will install to C:\Program Files\HijackThis.
  • Continue to follow the rest of the prompts from there
  • Scan your computer and save a logfile
  • Post the log in your next reply.

I would also like you to create an Uninstall list for me:
  • Reopen HijackThis and click on the "Open the Misc Tools section" button.
  • Click on the "Open Uninstall Manager" button. Click the "Save List" button.
  • After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it, then the list should open in notepad.
  • Copy and paste that list here along with the HijackThis log.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


So in your next post, please include the following:
  • WinPFind.txt as an attachment
  • The HijackThis log included in your post
  • The HijackThis Uninstall list included in your post
Regards,
RatHat
  • 0

#3
lilnoob

lilnoob

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Attached File  WinPFind35.Txt   243.07KB   89 downloads

and here's the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:32:51 PM, on 2/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\TGVsYW5k\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kiwee Toolbar\kwtbaim.exe
C:\Program Files\outlook\outlook.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\1A232420232427.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Drmupgds\Drmupgds.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\PROGRA~1\MCROSO~1.NET\scanregw.exe
C:\Program Files\Router\Router.exe
C:\Documents and Settings\n3omanc3r\Application Data\WinTouch\WinTouch.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Documents and Settings\n3omanc3r\Application Data\Microsoft\Windows\bjcjjljo.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Documents and Settings\n3omanc3r\winlogo.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\?ymantec\s?rvices.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Documents and Settings\n3omanc3r\Desktop\WinPFind35u\WinPFind35U.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://routerlogin.net/
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\KiweeIEToolbar.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\KiweeIEToolbar.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar\kwtbaim.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [B2BBBCB8BBBCBFC0] 1A232420232427.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Etsa] "C:\WINDOWS\SSTEM~1\logonui.exe" -vt yazb
O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe
O4 - HKCU\..\Run: [Cemqfci] "C:\Program Files\Common Files\?icrosoft.NET\l?gonui.exe"
O4 - HKCU\..\Run: [Utra] "C:\PROGRA~1\MCROSO~1.NET\scanregw.exe" -vt yazb
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\n3omanc3r\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\n3omanc3r\Application Data\Microsoft\Windows\bjcjjljo.exe
O4 - HKCU\..\Run: [Zvmprq] "C:\Program Files\?ymantec\s?rvices.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TGVsYW5k\command.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\dirom.html

--
End of file - 5890 bytes

I think I'm having problems with the uninstall list.
Every time I click "Save List", HijackThis just closes and doesn't ask where to save it,
and if it does save, where can I find it??
I also checked the folders; it's not there.

Thank you for your time and effort. :]
  • 0
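Added example, not part of the original thread and not the helper's or HijackThis's own logic: a small triage pass over the O4 (Run key) and O23 (service) lines of a HijackThis log like the one above, showing which entries a reviewer would look at first. The function names and the heuristics (a `?` in the path, a system file name outside system32, no directory, hex-only names, a profile path, "Unknown owner") are assumptions chosen for illustration; each is a reason to inspect an entry, not proof of malware.

```python
import re
from pathlib import PureWindowsPath

# Sample lines copied from the HijackThis log in post #3 (a subset, for the demo).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [B2BBBCB8BBBCBFC0] 1A232420232427.exe
O4 - HKCU\..\Run: [Cemqfci] "C:\Program Files\Common Files\?icrosoft.NET\l?gonui.exe"
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\n3omanc3r\Application Data\Microsoft\Windows\bjcjjljo.exe
O4 - HKCU\..\Run: [Zvmprq] "C:\Program Files\?ymantec\s?rvices.exe"
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TGVsYW5k\command.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

O4_RUN = re.compile(r'^O4 - HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
O23_SVC = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$')
# Executable path: either the quoted part, or everything up to the first extension.
IMAGE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|dll))(?=\s|$)', re.I)
HEX_NAME = re.compile(r'^[0-9A-F]{12,}$', re.I)
SYSTEM_DIR = r"c:\windows\system32"
SYSTEM_NAMES = ("services.exe", "logonui.exe", "winlogon.exe", "svchost.exe",
                "lsass.exe", "csrss.exe", "smss.exe")


def image_path(cmd):
    """Strip quotes and command-line arguments from a Run/service command."""
    m = IMAGE.match(cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def flags_for(name, path, owner=None):
    """Return the list of triage flags for one autostart entry."""
    p = PureWindowsPath(path)
    flags = []
    # '?' cannot occur in a real Windows file name, so in the log it stands for
    # a character the log could not print (for example a look-alike letter).
    if "?" in path:
        flags.append("unprintable-char")
    if len(p.parts) == 1:
        # Bare file name: resolved through the search path, location unknown.
        flags.append("no-directory")
    else:
        # Treat each '?' as "any one character" and compare with system names.
        pattern = re.escape(p.name.lower()).replace("\\?", ".")
        for sysname in SYSTEM_NAMES:
            if re.fullmatch(pattern, sysname) and str(p.parent).lower() != SYSTEM_DIR:
                flags.append("looks-like:" + sysname)
    if "\\documents and settings\\" in path.lower():
        flags.append("runs-from-user-profile")
    if HEX_NAME.match(name) or HEX_NAME.match(p.stem):
        flags.append("hex-name")
    if owner == "Unknown owner":
        # Weak signal on its own: legitimate drivers in this log show it too.
        flags.append("no-vendor-string")
    return flags


def triage(log_text):
    """Map entry name -> flags for every O4 Run / O23 line that raised a flag."""
    findings = {}
    for line in log_text.splitlines():
        m = O4_RUN.match(line) or O23_SVC.match(line)
        if not m:
            continue
        entry = m.groupdict()
        flags = flags_for(entry["name"], image_path(entry["cmd"]), entry.get("owner"))
        if flags:
            findings[entry["name"]] = flags
    return findings


if __name__ == "__main__":
    for entry_name, entry_flags in triage(SAMPLE_LOG).items():
        print(f"{entry_name}: {', '.join(entry_flags)}")
```
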

#4
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Please uninstall the following programs:


LimeWire

  • Go to Start then Settings, then Control Panel
  • Choose Add or Remove Programs
  • Remove all of the above
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Processes - Non-Microsoft Only]
YY -> command.exe -> %SystemRoot%\TGVsYW5k\command.exe
YY -> kwtbaim.exe -> %ProgramFiles%\Kiwee Toolbar\kwtbaim.exe
YY -> mrofinu1000106.exe -> %SystemRoot%\mrofinu1000106.exe
YY -> 1a232420232427.exe -> %System32%\1A232420232427.exe
YY -> drmupgds.exe -> %ProgramFiles%\Drmupgds\Drmupgds.exe
YY -> router.exe -> %ProgramFiles%\Router\Router.exe
YY -> limewire.exe -> %ProgramFiles%\LimeWire\LimeWire.exe
YY -> bjcjjljo.exe -> %UserAppData%\Microsoft\Windows\bjcjjljo.exe
YY -> winlogo.exe -> %SystemDrive%\Documents and Settings\n3omanc3r\winlogo.exe
[Win32 Services - Non-Microsoft Only]
YY -> (cmdService) Command Service [Win32_Own | Auto | Running] -> %SystemRoot%\TGVsYW5k\command.exe
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NY -> B2BBBCB8BBBCBFC0 -> %System32%\1A232420232427.exe
NY -> KiweeHook -> %ProgramFiles%\Kiwee Toolbar\kwtbaim.exe
YN -> runner1 -> %SystemRoot%\mrofinu1000106.exe
NY -> winlog -> %System32%\winlog.exe
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NY -> Drmupgds -> %ProgramFiles%\Drmupgds\Drmupgds.exe
NY -> Etsa -> %SystemRoot%\sуstem\logonui.exe
NY -> Router -> %ProgramFiles%\Router\Router.exe
NY -> SfKg6w -> %UserAppData%\Microsoft\Windows\bjcjjljo.exe
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
NY -> {446624E1-B767-4443-AA6E-0F355CAFD21B} [HKEY_LOCAL_MACHINE] -> %System32%\cbxustq.dll []
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
NY -> cbxustq -> %System32%\cbxustq.dll
NY -> ycbdnzhz -> %System32%\ycbdnzhz.dll
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> 
NY -> HKEY_CURRENT_USER\: URLSearchHooks\\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Kiwee Toolbar\KiweeIEToolbar.dll [Kiwee Toolbar]
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
NY -> 1 domain(s) and sub-domain(s) not assigned to a zone. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
NY -> {446624E1-B767-4443-AA6E-0F355CAFD21B} [HKEY_LOCAL_MACHINE] -> %System32%\cbxustq.dll [Reg Error: Value  does not exist or could not be read.]
NY -> {53f23ba2-2edf-414b-8ff8-756dc123e864} [HKEY_LOCAL_MACHINE] -> %System32%\ttvuntjg.dll [Reg Error: Value  does not exist or could not be read.]
NY -> {6367C798-5E74-2CD8-0212-5300B8BC80C7} [HKEY_LOCAL_MACHINE] -> %System32%\ncr.dll [Reg Error: Value  does not exist or could not be read.]
NY -> {6564CBCE-5C71-2F8D-5112-5300B8BCDBC3} [HKEY_LOCAL_MACHINE] -> %System32%\adgieuaa.dll [Reg Error: Value  does not exist or could not be read.]
NY -> {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Kiwee Toolbar\KiweeIEToolbar.dll [Kiwee Toolbar]
NY -> {709EFF01-BC39-4B61-3EAF-BA3C39AAA672} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MSN Gaming Zone\zyjix.dll [Reg Error: Value  does not exist or could not be read.]
NY -> {A95B2816-1D7E-4561-A202-68C0DE02353A} [HKEY_LOCAL_MACHINE] -> %System32%\ycbdnzhz.dll [Reg Error: Value  does not exist or could not be read.]
NY -> {C01FF68B-CFA0-47F5-8442-5A5CDC0B8236} [HKEY_LOCAL_MACHINE] -> %System32%\ddcya.dll [Reg Error: Value  does not exist or could not be read.]
NY -> {C36201A4-A4CC-488F-B51A-6D24AD2F3C79} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Windows Media Player\viwyfapaz4444.dll []
NY -> {E6631C60-2861-4810-9182-BCE3879578F1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Windows Media Player\viwyfapaz83122.dll []
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
NY -> {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Kiwee Toolbar\KiweeIEToolbar.dll [Kiwee Toolbar]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
NY -> ShellBrowser\\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Kiwee Toolbar\KiweeIEToolbar.dll [Kiwee Toolbar]
NY -> WebBrowser\\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Kiwee Toolbar\KiweeIEToolbar.dll [Kiwee Toolbar]
[Files/Folders - Created Within 90 days]
YN -> 5119 C:\*.tmp files -> C:\*.tmp
YN -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> bszip.dll -> %System32%\bszip.dll
NY -> cbxustq.dll -> %System32%\cbxustq.dll
NY -> ddcya.dll -> %System32%\ddcya.dll
NY -> fdoshxgb.dll -> %System32%\fdoshxgb.dll
NY -> fftmqjqh.dll -> %System32%\fftmqjqh.dll
NY -> gebyyab.dll -> %System32%\gebyyab.dll
NY -> regedit.com -> %System32%\regedit.com
NY -> taskkill.com -> %System32%\taskkill.com
NY -> tasklist.com -> %System32%\tasklist.com
NY -> tiwyvcqg.dll -> %System32%\tiwyvcqg.dll
NY -> ttvuntjg.dll -> %System32%\ttvuntjg.dll
NY -> usrlogon.cmd -> %System32%\usrlogon.cmd
NY -> xkdqnjqh.ini -> %System32%\xkdqnjqh.ini
NY -> ycbdnzhz.dll -> %System32%\ycbdnzhz.dll
NY -> ycbdnzhz.dllbox -> %System32%\ycbdnzhz.dllbox
NY -> 9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> b116.exe -> %SystemRoot%\b116.exe
NY -> b122.exe -> %SystemRoot%\b122.exe
NY -> b149.exe -> %SystemRoot%\b149.exe
NY -> b151.exe -> %SystemRoot%\b151.exe
YN -> mrofinu1000106.exe -> %SystemRoot%\mrofinu1000106.exe
YN -> mrofinu1000137.exe -> %SystemRoot%\mrofinu1000137.exe
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

Let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    purity
  • Return to OTMoveIt2, right click in the "Paste Custom List Of Files/Patterns To Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please read this Combofix tutorial before continuing, then follow the instructions below.

Download ComboFix from Here, Here or Here to your Desktop. (If you already have ComboFix, please delete it and download this new version).

When asked to "Save As" save Combofix.exe as Combo-Fix.exe
  • Now physically disconnect from the internet and STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Save this log to your desktop as Combofix.txt and post it in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


For the HijackThis uninstall list, please do this while you are posting, then instead of saving the file, Copy and Paste the contents into your reply.

Regards,
RatHat
  • 0

#5
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Do you still require assistance with this log?

Regards,
RatHat
  • 0

#6
lilnoob

lilnoob

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Sorry RatHat

I still do, but not right now I guess.

My charger for my laptop just broke and I don't know when I can get a new one.
Good news is I got my own internet and I can still be active with the ps3 my cousin's computer

I'll try to get the charger ASAP.

Thanks for your time.



~~lilnoob~~
  • 0

#7
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
I'll put your log on hold for now. When you get the charger, run the fix and post back here with the results. Also PM me to let me know you are back and ready to continue cleaning the machine OK.

Regards,
RatHat
  • 0

#8
lilnoob

lilnoob

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
HijackThis Uninstall list

Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adove Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.1
Adobe Shock Photos 1.0
AIM 6
Apple Mobile Device Support
Apple Software Update
C-Major Audio
Command
Conexant d110 MDC V.92 Modem
Dell Wireless WLAN Utility
HijackThis 2.0.2
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
hp psc 2200 series
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PRO Network Connections Drivers
iTunes
JAVA(TM) 6 Update 2
Mozilla Firefox (2.0.0.12)
MSN
NETGEAR WG511v2 54 Mbps Wireless PC Card
Network Monitor
Outerinfo
Quicktime
Windows Media Format Runtime
WinRAR archiver
Yahoo! Messenger

This is the Combo Fixlog
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

For the WinPFind35, I could never get a successful fix; it always hangs and pop-ups start popping.
Also, I don't get what I'm supposed to do with OTMoveIt2.


I got a new charger now so I'm back on fixing my computers
thanks

~~lilnoob~~
  • 0

#9
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Please uninstall the following programs:


Command
Outerinfo

  • Go to Start then Settings, then Control Panel
  • Choose Add or Remove Programs
  • Remove all of the above
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Next run Combofix again
  • Now physically disconnect from the internet and STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Save this log to your desktop as Combofix.txt and post it in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Reboot your computer, run WinPFind35.exe again and paste the fix I have given you in Post 4 again. See if it will run, then if OK, post me the log it produces. If not, let me know.

For OTMoveIt2, just type purity in the bottom left panel with the yellow title "Paste Custom List Of Files/Patterns To Move" then click MoveIt!. This will scan for and remove the Purity infection.

Post me all the logs from the above fixes, and also a fresh HijackThis log in your next reply.

Regards,
RatHat
  • 0

#10
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
After receiving a PM from the user that this problem has been fixed, this topic is closed.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

#11
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





