
Malware, still on my comp? [CLOSED]


  • This topic is locked

#61
Jajo

Jajo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Alright, see you in a bit



Justin
  • 0



#62
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
First update your AVG. Then boot into safe mode and do a full system scan.

reboot into normal mode

You have a number of randomly named files on your system.
We like to start with an online virus and trojan scan. Even though you may have antivirus software on your system, it can become corrupted by malware.


Please run a free online virus scan at one of these two sites:

ActiveScan
Kaspersky
Save log and post in next reply


And a free trojan scan at one of these two sites:
Trojan Scan
Trojan Scan2
  • 0

#63
Jajo

Jajo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Heh, I would go online and do a scan, but it's not connected to the internet. I have 3 computers: the one I'm typing on right now, the one we just fixed, and then the one we are about to work on. So I can't do online scans, sorry man.


Justin
  • 0

#64
Jajo

Jajo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Another weird thing is that when I run AVG, it closes out in the middle of the scan. It's like a virus is stopping it from scanning. I'm running a program called Registry Mechanic and it's found over 1,000 files that have problems on them. So maybe after I get this done, I'll run AVG again and maybe it won't close out from the viruses. I'll keep updating to keep you posted :tazz:



Justin
  • 0

#65
Jajo

Jajo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Still closes out of the program. Something is keeping it from fully running the scan. It did that to spysweeper also. Now what do I do. . .


Justin
  • 0

#66
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
So you finished none of the programs?


Tom
  • 0

#67
Jajo

Jajo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Absolutely none of them. Except for Registry Mechanic, it got rid of 1325 files. But the other programs won't work.




Justin
  • 0

#68
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts

DOWNLOAD PROGRAMS


Download and install CleanUp! Here
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.
We will use this program later.

Download CWShredder here to its own folder.

Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
We will be using this program later.


THE FIX


Please read this post completely. It may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

5. Close all browsers, windows and unneeded programs.

6. Open HiJack and do a scan.

7. Put a Check next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapp...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\5.BIN\MWSSRCAS.DLL
F1 - win.ini: run=C:\WINDOWS\SYSTEM\mouse_configurator.win
O2 - BHO: PopBlock Class - {A25A30C9-6D9A-46D0-A92C-05ABD82A83AE} - C:\PROGRAM FILES\ADBLOCKER\PopupBlocker.dll
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O4 - HKLM\..\Run: [SystemTasks] C:\filez.exe
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\SYSTEM\Kernel32.win
O4 - HKLM\..\Run: [Israfel] C:\WINDOWS\SYSTEM\Israfel.vbs
O4 - HKLM\..\RunServices: [d2maphack] C:\WINDOWS\SYSTEM\d2maphack.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxdm414XXUS
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.exe


8. Click the Fix Checked box.

9. Please remove these entries from Add/Remove Programs in the Control Panel (if present):

MYWEBSEARCH
ADBLOCKER


10. Please remove the following folders using Windows Explorer (if present):

C:\PROGRAM FILES\ADBLOCKER
C:\PROGRAM FILES\MYWEBSEARCH


11. Please remove just the files from the following paths using Windows Explorer (if present):

C:\filez.exe
C:\WINDOWS\SYSTEM\Kernel32.win
C:\WINDOWS\SYSTEM\Israfel.vbs
C:\WINDOWS\SYSTEM\d2maphack.exe
C:\WINDOWS\SYSTEM\mouse_configurator.win


12. Run the program CleanUp!

13. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

14. Please go here and upload

C:\Windows\System\folder.htt

then please post the results in your next reply.

15. Please post the Active scan log and a fresh HiJackThis log. Let me know how your computer is running.

Edited by Excal, 16 July 2005 - 10:11 AM.

  • 0

#69
Jajo

Jajo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
I don't have internet on this computer. Like the post I posted before, we have only 1 comp online right now. But I'll do everything else.




Justin
  • 0

#70
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
You need to download those 2 programs on the internet computer and transfer to this one.


:tazz:


Tom
  • 0



#71
Jajo

Jajo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
I was talking about ActiveScan.





Justin
  • 0

#72
Jajo

Jajo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
The C:\Windows\System\folder.htt status is ok. Here's a fresh hijack scan:

Logfile of HijackThis v1.99.1
Scan saved at 1:21:04 PM, on 7/16/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\PSSVC.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\REGSRV.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\WINDOWS\WSCRIPT.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACK\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F1 - win.ini: run=C:\WINDOWS\SYSTEM\mouse_configurator.win
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_11_0.DLL
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\PROGRAM FILES\SLINGSHOT\ties\dlIE.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_11_0.DLL
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D7F7-EC7EA385FA7D} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [Disknag] C:\DELL\DISKNAG.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MSHARD~1\point32.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [winupdates] \winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKLM\..\Run: [tcactive] C:\PROGRAM FILES\THE CLEANER\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\PROGRAM FILES\THE CLEANER\tcm.exe
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\SYSTEM\Kernel32.win
O4 - HKLM\..\Run: [Israfel] C:\WINDOWS\SYSTEM\Israfel.vbs
O4 - HKLM\..\RunServices: [AutoShutdown] C:\WINDOWS\pssvc.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: Dell Home - {9C31CA00-6082-11D3-8607-00C04FCFBDA1} - http://www.dell.com/ (file missing) (HKCU)
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
  • 0

#73
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Spysweeper

Please disable SpySweeper, as it may hinder the removal of some entries. You can re-enable it after you're clean.

To disable SpySweeper:

Open it, click >Options over to the left, then >Program Options >Uncheck "load at windows startup".
Over to the left click "shields" and uncheck all there.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".



THE FIX


Please read this post completely. It may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Close all browsers, windows and unneeded programs.

5. Open HiJack and do a scan.

6. Put a Check next to the following items:

F1 - win.ini: run=C:\WINDOWS\SYSTEM\mouse_configurator.win
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D7F7-EC7EA385FA7D} - (no file)
O4 - HKLM\..\Run: [winupdates] \winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\SYSTEM\Kernel32.win
O4 - HKLM\..\Run: [Israfel] C:\WINDOWS\SYSTEM\Israfel.vbs
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1


7. Click the Fix Checked box.

8. Please remove just the files from the following paths using Windows Explorer (if present):

C:\WINDOWS\SYSTEM\mouse_configurator.win
C:\WINDOWS\SYSTEM\Kernel32.win
C:\WINDOWS\SYSTEM\Israfel.vbs


9. Please post a fresh HiJackThis log. Let me know how your computer is running.

So this can't be hooked to the Internet at all?


Thanks,

:tazz:

Excal
  • 0
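
Added example, not part of the original thread or of HijackThis itself: a short Python check that compares a fix list against a follow-up HijackThis log and reports which flagged entries are still present. The function names `parse_entries` and `check_fix` are hypothetical; the sample lines are a subset copied from posts #68 and #72 above.

```python
import re

# Entry lines look like "O4 - HKLM\..\Run: [Name] path"; headers and the
# "Running processes" paths do not match this shape and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.+?)\s*$")

# Subset of the fix list in post #68 (copied from the thread).
FIX_LIST = r"""
F1 - win.ini: run=C:\WINDOWS\SYSTEM\mouse_configurator.win
O2 - BHO: PopBlock Class - {A25A30C9-6D9A-46D0-A92C-05ABD82A83AE} - C:\PROGRAM FILES\ADBLOCKER\PopupBlocker.dll
O4 - HKLM\..\Run: [SystemTasks] C:\filez.exe
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\SYSTEM\Kernel32.win
O4 - HKLM\..\Run: [Israfel] C:\WINDOWS\SYSTEM\Israfel.vbs
O4 - HKLM\..\RunServices: [d2maphack] C:\WINDOWS\SYSTEM\d2maphack.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# Subset of the fresh log in post #72 (copied from the thread).
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
F1 - win.ini: run=C:\WINDOWS\SYSTEM\mouse_configurator.win
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\SYSTEM\Kernel32.win
O4 - HKLM\..\Run: [Israfel] C:\WINDOWS\SYSTEM\Israfel.vbs
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

def parse_entries(text):
    """Return (section, detail) pairs for every HijackThis entry line."""
    return [m.groups() for m in map(ENTRY_RE.match, text.splitlines()) if m]

def _key(entry):
    # Win9x paths are case-insensitive; also collapse runs of whitespace.
    section, detail = entry
    return section, " ".join(detail.lower().split())

def check_fix(fix_list, fresh_log):
    """Split the fix list into entries still in the fresh log and entries gone."""
    present = {_key(e) for e in parse_entries(fresh_log)}
    result = {"persisted": [], "cleared": []}
    for entry in parse_entries(fix_list):
        result["persisted" if _key(entry) in present else "cleared"].append(entry)
    return result

if __name__ == "__main__":
    for status, entries in check_fix(FIX_LIST, FRESH_LOG).items():
        for section, detail in entries:
            print(f"{status:9} {section:3} {detail}")
```

The entries reported as persisted are the ones a follow-up fix list has to carry forward, as the list in post #73 does.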

#74
Jajo

Jajo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
I can try to get it hooked up, but no promises. . .


Justin
  • 0

#75
Jajo

Jajo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
OK, I'm on it. And, wow, there is a lot wrong with this. So slow, different color screen. The screen resolution was off. . . So I'll do the online scan and post it on here for you.



Justin
  • 0





