Bloodhound.w32.ep problem + IE not working [RESOLVED]


  • This topic is locked

#46
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Souss,

Yes, you can use Word. Make sure that you save the file as a text file. Once the file is saved, close Word and then rename the file sm.txt as sm.bat.

Make sure that this file is prepared and then download sm.txt and rename it as sm.reg.

Else the files will be mixed up.
  • 0


#47
Souss

Souss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
I run sm.bat

but I can't run c:\windows\regedit.exe: same error message as usual

Edited by Souss, 29 June 2005 - 09:27 AM.

  • 0

#48
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Can you reboot the PC and post a fresh HJT log ??
  • 0

#49
Souss

Souss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
HJT has not been working for a while: same error message as other programs.

Other question for you: is turning off the PC by pushing the power button and then turning it back on the same way as rebooting? Because I can't use the Start menu and "turn off computer".

Edited by Souss, 29 June 2005 - 09:38 AM.

  • 0

#50
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
For shutting down the PC, you can use the windows button. When you hit it, the Start menu should open.

Else use "ctrl + alt + del" and then choose the shut down option.
  • 0

#51
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Souss,

Can you copy the wininet.dll file to c:\ and rename it as wininet.old ?? We would like to study this file and understand the infection better.

Looks like there is a situation which cannot be salvaged due to the deep penetration of the infection.

I would suggest a System Restore for you at this point.

You can read more about how to do system restore here - http://www.microsoft...temrestore.mspx

Choose a time about 2 weeks or so before, when you didn't have these issues with the PC.

Let me know if you want to go ahead with the System Restore
  • 0

#52
Souss

Souss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Alright, HJT worked after I restarted the computer, I dunno what the [bleep]???

I can't attach the log because it says I'm not allowed to attach files with this extension (.log)

What should I do?
  • 0

#53
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
copy and paste the log here in your reply
  • 0

#54
Souss

Souss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
I can't open the file, that's why I wanted to attach it
  • 0

#55
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Rename the file. Change the extension from .log to .txt and then try to attach it
  • 0


#56
Souss

Souss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
there you go

Attached Files


  • 0

#57
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Souss,

One more try. Carry the fix as far as possible. If you are not able to do some of the things, please leave it and proceed with the rest of the fix.

Please reboot into the Safe Mode (repeatedly tap the F8 key when starting up).

Click on Run (or press Windows key and R key simultaneously). Type Services.msc and hit enter. In the right hand pane, locate the items -

Network DDE Client
Hardware Clock Driver


For each of these entries, right click on it, and then click on properties. In the StartUp type, choose the option Disable.


Open Add or Remove Programs (click on Start ---> Settings ---> Control panel. This should be the 3rd item). Uninstall or remove the following items -

ISTBar
Internet Optimizer
MyWay
Power Scan


Open Windows Explorer (right click on Start and then click on explore). Locate and delete the following folders and files -

Folders
C:\Program Files\Wflumn
C:\Program Files\ISTsvc
C:\Program Files\Internet Optimizer
C:\Program Files\Power Scan
C:\Program Files\MyWay
C:\Program Files\SideFind
C:\Program Files\ISTbar

Files
c:\new.exe
C:\WINDOWS\ohyau.exe
C:\WINDOWS\nem220.dll
C:\WINDOWS\wsem303.dll
C:\WINDOWS\System32\hwclock.exe
C:\WINDOWS\System32\netddeclnt.exe
C:\WINDOWS\System32\winupdater.exe
C:\WINDOWS\System32\Twypai.exe
C:\WINDOWS\System32\oif6ak25.exe
C:\WINDOWS\System32\Fmspdy.exe
ntguard32.exe
winhost.exe
Logitech.exe


These files are most likely to be in C:\Windows or C:\Windows\System32 folder.

Reboot the PC and post a fresh HJT log
  • 0

#58
Souss

Souss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
OK the run didn't work, I got an error message

I removed the programs you talked about when they were listed. Not all of them were.

Same thing with the files and folders. Not all of them existed. When they were there, I deleted them.

Attached is the HJT log

Attached Files


Edited by Souss, 29 June 2005 - 11:02 AM.

  • 0

#59
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Make sure that you are not connected to internet. If you have DSL / Cable connectivity, then remove the cord connecting the modem to the PC.

Run Hijack This. Click on config ---> Misc Tools ----> Delete an NT service. Enter the following item - hwclock - and hit enter. Repeat the process with NetDDEclnt.

Reboot the PC.

Run Hijack This and click on scan. The following items need to be fixed -

O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll (file missing)
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)
O4 - HKLM\..\Run: [Logitech] Logitech.exe
O4 - HKLM\..\Run: [WSAConfiguration] ntguard32.exe
O4 - HKLM\..\Run: [Microsoft Update] winupdater.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Fmspdy.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Twypai.exe
O4 - HKLM\..\Run: [oif6ak25] C:\WINDOWS\System32\oif6ak25.exe
O4 - HKLM\..\Run: [Vrbteswr] C:\Program Files\Wflumn\Fdgyzs.exe
O4 - HKLM\..\RunServices: [win32] winhost.exe
O4 - HKLM\..\RunServices: [Logitech] Logitech.exe
O4 - HKLM\..\RunServices: [WSAConfiguration] ntguard32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] winupdater.exe

Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

Connect back the PC and modem.

Reboot the PC in Safe Mode.

Locate and delete the files -

C:\WINDOWS\System32\Fmspdy.exe
C:\WINDOWS\System32\Twypai.exe
C:\WINDOWS\System32\oif6ak25.exe
C:\Program Files\Wflumn\Fdgyzs.exe
winhost.exe
Logitech.exe
ntguard32.exe
winupdater.exe


Reboot the PC and post a fresh HJT log
  • 0
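
Added example, not part of the thread or of HijackThis itself: a small Python parser for the O2/O3/O9 and O4 line formats quoted in the post above. It groups entries by why a reviewer would look at them: registrations whose file is already gone, autostart commands given without a directory, and commands registered under more than one autostart key. The function names and the three grouping rules are assumptions made for this illustration; the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the fix list in the post above.
SAMPLE = r"""
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing)
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll (file missing)
O4 - HKLM\..\Run: [Logitech] Logitech.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\RunServices: [Logitech] Logitech.exe
"""

# O2/O3/O9: "<code> - <kind>: <name> - {CLSID} - <path> [(file missing)]"
COM_RE = re.compile(r"^(O[239]) - ([^:]+): (.+?) - (\{[0-9A-Fa-f-]{36}\}) - (.+?)( \(file missing\))?$")
# O4: "O4 - <hive>\..\<key>: [<value name>] <command>"
RUN_RE = re.compile(r"^(O4) - (\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")

def parse_line(line):
    """Return a dict for a recognised entry, or None for anything else."""
    line = line.strip()
    m = COM_RE.match(line)
    if m:
        return {"code": m[1], "kind": m[2], "name": m[3], "clsid": m[4].upper(),
                "target": m[5], "missing": bool(m[6])}
    m = RUN_RE.match(line)
    if m:
        return {"code": m[1], "kind": m[3], "hive": m[2], "name": m[4],
                "target": m[5].strip('"'), "missing": False}
    return None

def triage(log_text):
    """Group parsed entries by the reason a reviewer would look at them."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    keys_by_target = defaultdict(set)
    for e in entries:
        if e["code"] == "O4":
            keys_by_target[e["target"].lower()].add(e["kind"])
    return {
        # registration left behind after the file itself was deleted
        "orphaned": [e["name"] for e in entries if e["missing"]],
        # autostart command with no directory, so the file could be in several places
        "bare_autostart": sorted({e["target"] for e in entries
                                  if e["code"] == "O4" and "\\" not in e["target"]}),
        # same command registered under more than one autostart key
        "multi_key": sorted(t for t, k in keys_by_target.items() if len(k) > 1),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```
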

#60
Souss

Souss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

Make sure that you are not connected to internet. If you have DSL / Cable connectivity, then remove the cord connecting the modem to the PC.

Run Hijack This. Click on config ---> Misc Tools ----> Delete an NT service. Enter the following item - hwclock - and hit enter. Repeat the process with NetDDEclnt.



For both I got an error message saying that both programs were enabled and/or running.

Should I go ahead with the fixing that follows?




  • 0





