Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

winfixer 05 [CLOSED]


  • This topic is locked This topic is locked

#31
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Launch Notepad, and copy/paste the box below into a new text file. Save it as fixme.reg (make sure that Save as Type is set at "All Files") on your Desktop. Ensure there is no space at or above REGEDIT 4.


REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\ISTbar]



Please download ISTFIX Here
Please do not run yet

Download LQfix Here
save it to your desktop, please do not use yet

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

2. Locate fixme.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer "Yes" and wait for a message to appear similar to "Merged Successfully".


3. Please remove the following folders using Windows Explorer (if present):

C:\PROGRAM FILES\joystick networks
C:\PROGRAM FILES\NewDotNet
C:\PROGRAM FILES\Sqwire
C:\PROGRAM FILES\whInstall
C:\PROGRAM FILES\Windows SyncroAd
C:\PROGRAM FILES\COMMON FILES\InetGet
C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs
C:\Documents and Settings\Lauren\Favorites\Casino & Carrers
C:\Documents and Settings\Lauren\Favorites\Fun & Games
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\vidctrl


4. Please remove just the files from the following paths using Windows Explorer (if present):

C:\GatorPatch.log
C:\Program Files\Common Files\Windows\mc-58-12-0000120.exe
C:\Program Files\DNS\cwebpage.dll
C:\WINDOWS\Downloaded Program Files\ATPartners.inf
C:\WINDOWS\Downloaded Program Files\flash.inf
C:\WINDOWS\inf\biini.inf
C:\WINDOWS\system32\BO2810040510.exe
C:\WINDOWS\system32\jjj.exe.tcf
C:\WINDOWS\system32\ongbypyi.dll
C:\WINDOWS\system32\PreUninstallQL.exe
C:\WINDOWS\system32\SplWbr.dll
C:\WINDOWS\system32\teosvzvc.dll
C:\WINDOWS\system32\windows.html
C:\WINDOWS\system32\WinNB57.dll
C:\WINDOWS\system32\xhwxcqqa.dll
C:\WINDOWS\system32\xmltok.dll
C:\WINDOWS\SYSTEM32\INNERADINSTALL.LOG
C:\WINDOWS\SYSTEM32\qlink32.dll
C:\WINDOWS\SYSTEM32\WinNB57.dll
C:\WINDOWS\SYSTEM32\winnet.ini
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.bho
C:\WINDOWS\180ax_gdf.dat
C:\WINDOWS\bar.exe
C:\WINDOWS\sepsd.bin
C:\WINDOWS\unstall.exe
C:\WINDOWS\usta33.ini
C:\WINDOWS\sb32mon.dll
C:\WINDOWS\weirdontheweb_topc.exe


5. Please run IstFix.

6. Double click on LQFix program u downloaded.
A doswindow will open and close again, this is normal.

7. Run the program CleanUp!

8. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

9. Please post the Active scan log and a fresh HiJackThis log. Let me know how your computer is running.
  • 0

Advertisements


#32
bubble00

bubble00

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Logfile of HijackThis v1.99.1
Scan saved at 1:02:19 PM, on 9/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AIM+\AIM+.exe
C:\PROGRA~1\AIM95\aim.exe
C:\Documents and Settings\Lauren\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Intel Centrino2 - Unknown owner - C:\WINDOWS\System32\VsTaskMngr.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe




Incident Status Location

Adware:adware/virtualbouncer No disinfected C:\WINDOWS\SYSTEM32\INNERVBINSTALL.LOG
Adware:adware/favoriteman No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\ATPartners.inf
Adware:adware/sidesearch No disinfected C:\PROGRAM FILES\Lycos
Adware:adware/xupiter No disinfected C:\PROGRAM FILES\COMMON FILES\SQ
Adware:adware/maxifiles No disinfected C:\PROGRAM FILES\COMMON FILES\Windows
Adware:adware/elitebar No disinfected C:\Documents and Settings\Lauren\Favorites\Finances & Business
Adware:adware/cws No disinfected C:\Documents and Settings\Lauren\Favorites\Going Places
Adware:adware/wupd No disinfected Windows Registry
Adware:Adware/NetPals No disinfected C:\WINDOWS\Downloaded Program Files\ATPartners.inf
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Downloaded Program Files\flash.inf


running good
  • 0

#33
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Please remove the following folders using Windows Explorer (if present):

C:\PROGRAM FILES\Lycos
C:\PROGRAM FILES\COMMON FILES\SQ
C:\PROGRAM FILES\COMMON FILES\Windows
C:\Documents and Settings\Lauren\Favorites\Finances & Business
C:\Documents and Settings\Lauren\Favorites\Going Places


Please remove just the files from the following paths using Windows Explorer (if present):

C:\WINDOWS\SYSTEM32\INNERVBINSTALL.LOG
C:\WINDOWS\Downloaded Program Files\ATPartners.inf
C:\WINDOWS\Downloaded Program Files\flash.inf


let me know how everything is running after this, I think we might have it :)

:tazz:

Excal
  • 0

#34
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP