Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Currently Sorting Problem, thanks all.

Started by Ldee , Jun 24 2005 04:22 PM

  • This topic is locked This topic is locked

#1
Ldee
Posted 24 June 2005 - 04:22 PM

Ldee

    Member

  • Member
  • PipPip
  • 67 posts
Ive tried posting my problem here a few times but no body ever replies and other people get 10 replies within minutes, why?

Anyway, just in case this is the hijack this log,

thanks


Logfile of HijackThis v1.99.1
Scan saved at 23:10:06, on 24/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\SSMS.EXE
C:\WINDOWS\system32\LSSAS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\msmsgr2.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\ABC\abc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pork\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Pork\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Pork\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {84749F6A-A353-4C08-8FBB-D3EA7D19DC10} - (no file)
O2 - BHO: (no name) - {F6286FEF-0C72-409E-B374-6D9E1392D69B} - C:\WINDOWS\System32\nimm.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [_Cat4] C:\WINDOWS\msmsgr2.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Pork\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O18 - Filter: text/html - {6033BD43-B04A-4DE8-8B35-8F5FDB682287} - C:\WINDOWS\System32\nimm.dll
O18 - Filter: text/plain - {6033BD43-B04A-4DE8-8B35-8F5FDB682287} - C:\WINDOWS\System32\nimm.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COM+ Component Service (COMCSVC) - Unknown owner - C:\WINDOWS\System32\winmgnt.exe (file missing)
O23 - Service: COM+ System Service (COMSS) - Unknown owner - C:\WINDOWS\system32\SSMS.EXE
O23 - Service: Network DDE Connections (NETDDEC) - Unknown owner - C:\WINDOWS\System32\winmgnt.exe (file missing)

Edited by Ldee, 24 June 2005 - 07:25 PM.

  • 0

Advertisements

#2
Trevuren
Posted 24 June 2005 - 05:04 PM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi Ldee and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

1. Go to Geeks to Go
. Click on My Controls at the top right hand corner of the window. (make sure you have signed in first)
. In the left hand column, click "View Topics"
. If you click on the title of your post, you will be taken there

2. Also, while at the My Controls page, check the box to the right of your post and then scroll down.
.Where it says "unsubscribe" click the pull-down menu and select "immediate email notification"

3. Please DELETE your current HJT program from its present location.

4. Download and run the following HijackThis autoinstall program from Here HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!

A. Close ALL windows except HJT

B. SCAN with HJT and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')

C. POST the log in this thread using 'Add Reply' (Ctrl-V to 'paste')


DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER


Regards,

Trevuren
  • 0

#3
Ldee
Posted 24 June 2005 - 05:42 PM

Ldee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
Thanks for replying Trevuren!


Logfile of HijackThis v1.99.1
Scan saved at 00:36:40, on 25/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\SSMS.EXE
C:\WINDOWS\system32\LSSAS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\msmsgr2.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Pork\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Pork\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {84749F6A-A353-4C08-8FBB-D3EA7D19DC10} - (no file)
O2 - BHO: (no name) - {F6286FEF-0C72-409E-B374-6D9E1392D69B} - C:\WINDOWS\System32\nimm.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [_Cat4] C:\WINDOWS\msmsgr2.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Pork\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O18 - Filter: text/html - {6033BD43-B04A-4DE8-8B35-8F5FDB682287} - C:\WINDOWS\System32\nimm.dll
O18 - Filter: text/plain - {6033BD43-B04A-4DE8-8B35-8F5FDB682287} - C:\WINDOWS\System32\nimm.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COM+ Component Service (COMCSVC) - Unknown owner - C:\WINDOWS\System32\winmgnt.exe (file missing)
O23 - Service: COM+ System Service (COMSS) - Unknown owner - C:\WINDOWS\system32\SSMS.EXE
O23 - Service: Network DDE Connections (NETDDEC) - Unknown owner - C:\WINDOWS\System32\winmgnt.exe (file missing)
  • 0

#4
Trevuren
Posted 24 June 2005 - 05:57 PM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Your major problem is a variant of the About:Blank infection. This we will tackle first, then the rest.

1. Download CWShredder

If you are using anything other than Windows xp you may need a zip program.
Please download the evaluation version of Winzip.


2. Download SpSeHjfix.zip to the desktop.

* Then right click on the desktop and select new >folder, name it spfix.

* Unzip SpSeHjfix.zip into the new folder.

3. Disconnect from the net and Close ALL OPEN PROGRAMS.

4. Run 'SpSeHjfix'. and click on "Start Disinfection".
When it's finished it will reboot your machine to finish the cleaning process.
The tool creates a log of the fix which will appear in the folder.

If it doesn't find any of the SE files or any hidden reinstallers it will say system clean and not go on to next stage

5. Once it is finished, run CWShredder - Hit The FIX button!

6. Reboot and post a new HJT log and the log that was created by 'SpSeHjfix'.

Warning Note: On a few occasions it has been reported that after using the SPSEHjfix you cannot open Internet Explorer. To fix this, go into Control Panel >Internet Options >Programs & press reset web settings, then you can set your home page to what you want on the general tab.
Regards,

Trevuren
  • 0

#5
Kat
Posted 24 June 2005 - 06:05 PM

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP

Ive tried posting my problem here a few times but no body ever replies and other people get 10 replies within minutes, why?


Sorry to jump in your topic, Trevuren. I want to address this, though! ;)

Hello LDee. You posted your first topic last night around 10:30pm Central time. MOST people who post here wait 3-5 days before being helped, that is how long our backlog is. Also, you had started four separate topics, instead of sticking to just ONE, which ends up causing our Staff members to duplicate their workload. I have now closed your other topics, please stick to this one. You are in great hands with Trevuren here. He will surely have you fixed up in no time! :tazz:
  • 0

#6
Ldee
Posted 24 June 2005 - 07:21 PM

Ldee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
Yes Kat your right,
sorry about that, im new to forums really and i found it pretty confusing at first. I was just commenting on the fact that it seemed for a while i was getting no replies so i thought i was not following protocol of the website forum or something. I will try to keep my presence to a minimum in future, thanks for deleting the other posts, this is quite enough. Thanks to Trevuren, i am just about to try the lastest instructions you have given me, i should be posting logs soon.
Thank you
L D
  • 0

#7
Ldee
Posted 24 June 2005 - 07:59 PM

Ldee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
Hi Trevuren,
ok, here are the two logs you requested, just to let you know, after running SpSeHjfix and rebooting it came back to the first screen of SpSeHjfix again as if nothing had happened so i clicked disinfect again and it rebooted again, after that time i ran cwshredder.

Logfile of HijackThis v1.99.1
Scan saved at 02:40:41, on 25/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\SSMS.EXE
C:\WINDOWS\system32\LSSAS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\msmsgr2.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Pork\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Pork\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {84749F6A-A353-4C08-8FBB-D3EA7D19DC10} - (no file)
O2 - BHO: (no name) - {F6286FEF-0C72-409E-B374-6D9E1392D69B} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [_Cat4] C:\WINDOWS\msmsgr2.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Pork\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COM+ Component Service (COMCSVC) - Unknown owner - C:\WINDOWS\System32\winmgnt.exe (file missing)
O23 - Service: COM+ System Service (COMSS) - Unknown owner - C:\WINDOWS\system32\SSMS.EXE
O23 - Service: Network DDE Connections (NETDDEC) - Unknown owner - C:\WINDOWS\System32\winmgnt.exe (file missing)

_________________________________________________________

SPSeHjFix Log:

(6/25/05 02:33:59) SPSeHjFix started v1.1.2
(6/25/05 02:33:59) OS: WinXP Service Pack 1 (5.1.2600)
(6/25/05 02:33:59) Language: english
(6/25/05 02:33:59) Win-Path: C:\WINDOWS
(6/25/05 02:33:59) System-Path: C:\WINDOWS\System32
(6/25/05 02:33:59) Temp-Path: C:\DOCUME~1\Pork\LOCALS~1\Temp\
(6/25/05 02:34:09) Disinfection started
(6/25/05 02:34:09) Bad-Dll(IEP): (not found)
(6/25/05 02:34:09) Bad-Dll(IEP) in BHO: (not found)
(6/25/05 02:34:09) UBF: 4 - UBB: 2 - UBR: 10
(6/25/05 02:34:09) UBF: 4 - UBB: 2 - UBR: 10
(6/25/05 02:34:09) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\DOCUME~1\Pork\LOCALS~1\Temp\se.dll,DllInstall (deleted)
(6/25/05 02:34:09) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
(6/25/05 02:34:09) Stealth-String not found
(6/25/05 02:34:09) File added to delete: c:\docume~1\pork\locals~1\temp\se.dll
(6/25/05 02:34:09) Reboot


(6/25/05 02:35:27) SPSeHjFix started v1.1.2
(6/25/05 02:35:27) OS: WinXP Service Pack 1 (5.1.2600)
(6/25/05 02:35:27) Language: english
(6/25/05 02:35:27) Win-Path: C:\WINDOWS
(6/25/05 02:35:27) System-Path: C:\WINDOWS\System32
(6/25/05 02:35:27) Temp-Path: C:\DOCUME~1\Pork\LOCALS~1\Temp\
(6/25/05 02:36:29) Disinfection started
(6/25/05 02:36:29) Bad-Dll(IEP): (not found)
(6/25/05 02:36:29) Bad-Dll(IEP) in BHO: (not found)
(6/25/05 02:36:29) UBF: 4 - UBB: 2 - UBR: 10
(6/25/05 02:36:29) UBF: 4 - UBB: 2 - UBR: 10
(6/25/05 02:36:29) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\DOCUME~1\Pork\LOCALS~1\Temp\se.dll,DllInstall (deleted)
(6/25/05 02:36:29) Bad IE-pages: (none)
(6/25/05 02:36:29) Stealth-String not found
(6/25/05 02:36:29) File added to delete: c:\docume~1\pork\locals~1\temp\se.dll
(6/25/05 02:36:29) Reboot


(6/25/05 02:37:49) SPSeHjFix started v1.1.2
(6/25/05 02:37:49) OS: WinXP Service Pack 1 (5.1.2600)
(6/25/05 02:37:49) Language: english
(6/25/05 02:37:49) Win-Path: C:\WINDOWS
(6/25/05 02:37:49) System-Path: C:\WINDOWS\System32
(6/25/05 02:37:49) Temp-Path: C:\DOCUME~1\Pork\LOCALS~1\Temp\
  • 0

#8
Trevuren
Posted 24 June 2005 - 08:31 PM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
This didn't go exactly as planned. We have to rerun this fix and I added steps 1 and 2. Be sure you unplug from the internet when they ask you to.

1. I need to disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes.
  • Open Microsoft AntiSpyware.
  • Click on Options, Settings.
  • In the left pane, click on Real-time Protection.
  • Under Startup Options uncheck: Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
  • Under Real-time spyware threat protection uncheck: Enable real-time spyware threat protection (recommended).
  • After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
  • Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware
2. We must also disable Tea Timer which could interfere with the fix:

Right click the running icon of spybot's teatimer, and choose exit

3. Download CWShredder

If you are using anything other than Windows xp you may need a zip program.
Please download the evaluation version of Winzip.


Download SpSeHjfix.zip to the desktop.
Then right click on the desktop and select new >folder, name it spfix.
Unzip SpSeHjfix.zip into the new folder.

Disconnect from the net and Close ALL OPEN PROGRAMS.
Run 'SpSeHjfix'. and click on "Start Disinfection".
When it's finished it will reboot your machine to finish the cleaning process.
The tool creates a log of the fix which will appear in the folder.

If it doesn't find any of the SE files or any hidden reinstallers it will say system clean and not go on to next stage

Once it is finished, run CWShredder - Hit The FIX button!

Reboot and post a new HJT log and the log that was created by 'SpSeHjfix'.

Warning Note: On a few occasions it has been reported that after using the SPSEHjfix you cannot open Internet Explorer. To fix this, go into Control Panel >Internet Options >Programs & press reset web settings, then you can set your home page to what you want on the general tab.

Regards,

Trevuren
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP