Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

WINFIXER/WINANTISPYWARE [RESOLVED]


  • This topic is locked This topic is locked

#16
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
and have you actually used killbox on those files
  • 0

Advertisements


#17
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Did you copy and paste the filepaths directly into killbox from my diirections?
  • 0

#18
JHAT76

JHAT76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
And I added them to the drop down box accidently but have not restarted the puter cause I was scared to lose them
  • 0

#19
JHAT76

JHAT76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
I copied, but when I hit paste from clipboard it added 60 files, which included these. Like an idiot I didn't pay attention and hit the x button. Realized what I did and did not restart
  • 0

#20
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Ok let me thin of a way out of this :tazz:
  • 0

#21
Atribune

Atribune

    HijackThis Expert

  • Visiting Consultant
  • 956 posts
  • MVP
Hi Guys,

Loophole hope you dont mind me asking a few questions.

Have you rebooted the computer yet since pasting the file in?

If not You can click on Remove Items in the top bar then click on clear list.

If you have rebooted then you will need to put your files back where they were manually.

Can you start by clicking file then history log and pasting any info from the notepad windows that comes up.
  • 0

#22
JHAT76

JHAT76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Have not rebooted, but did go through all steps up to that. Somehow I deleted the notepad file. BUT it basically listed all the files that are in the Submit folder. If I reboot will I lose all these files? Hoiw can I put them back manually?
  • 0

#23
Atribune

Atribune

    HijackThis Expert

  • Visiting Consultant
  • 956 posts
  • MVP
Dont Reboot!


Open killbox again
Click tools then go to session manager. This will open regedit. Double click on PendingFileRenameOperations.

This will open another window Highlight and remove all text from this window. Click ok and close out of regedit.

Check to make sure your files are still where they belong.
  • 0

#24
JHAT76

JHAT76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
I must be an expert Botcher, I have 4 experts reading this :tazz:
  • 0

#25
JHAT76

JHAT76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Remove all files as in delete the files correct?
  • 0

Advertisements


#26
Atribune

Atribune

    HijackThis Expert

  • Visiting Consultant
  • 956 posts
  • MVP
dont delete any files
!!!!!!!
  • 0

#27
JHAT76

JHAT76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
This is the text in the box

\??\C:\Documents and Settings\Kerri\Local Settings\Temporary Internet Files\Content.IE5\index.dat

\??\C:\Documents and Settings\Kerri\Local Settings\Temporary Internet Files\Content.IE5\index.dat

\??\C:\Documents and Settings\Kerri\Local Settings\History\History.IE5\INDEX.DAT

\??\C:\Documents and Settings\Kerri\Local Settings\History\History.IE5\INDEX.DAT

\??\C:\Documents and Settings\Kerri\Cookies\INDEX.DAT

\??\C:\DOCUME~1\Kerri\LOCALS~1\Temp\JET8EB.tmp

\??\C:\DOCUME~1\Kerri\LOCALS~1\Temp\Perflib_Perfdata_4f0.dat

\??\C:\DOCUME~1\Kerri\LOCALS~1\Temp\JET8EB.tmp

\??\C:\DOCUME~1\Kerri\LOCALS~1\Temp\Perflib_Perfdata_4f0.dat

\??\C:\Documents and Settings\LocalService\Cookies\INDEX.DAT

\??\C:\Documents and Settings\LocalService\locals~1\tempor~1\Content.IE5\INDEX.DAT

\??\C:\Documents and Settings\LocalService\Cookies\INDEX.DAT

\??\C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT

\??\C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT

\??\C:\Documents and Settings\Kerri\Cookies\INDEX.DAT

\??\C:\Documents and Settings\Kerri\locals~1\tempor~1\Content.IE5\index.dat

\??\C:\Documents and Settings\Kerri\Cookies\INDEX.DAT

\??\C:\Documents and Settings\Kerri\Local Settings\History\History.IE5\INDEX.DAT

\??\C:\Documents and Settings\Kerri\Local Settings\Temp\JET8EB.tmp

\??\C:\Documents and Settings\Kerri\Local Settings\Temp\Perflib_Perfdata_4f0.dat

\??\C:\Documents and Settings\Kerri\Local Settings\Temporary Internet Files\Content.IE5\index.dat

\??\C:\Documents and Settings\Kerri\Cookies\INDEX.DAT

\??\C:\Documents and Settings\Kerri\Local Settings\History\History.IE5\INDEX.DAT

\??\C:\Documents and Settings\Kerri\Local Settings\Temp\JET8EB.tmp

\??\C:\Documents and Settings\Kerri\Local Settings\Temporary Internet Files\Content.IE5\index.dat

\??\C:\Documents and Settings\LocalService\Cookies\INDEX.DAT

\??\C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT

\??\C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT

\??\C:\PROGRA~1\COMMON~1\updmgr

\??\C:\WINDOWS\smdat32a.sys

\??\C:\WINDOWS\System32\smss.exe

\??\C:\WINDOWS\system32\winlogon.exe

\??\C:\WINDOWS\system32\services.exe

\??\C:\WINDOWS\system32\lsass.exe

\??\C:\WINDOWS\system32\svchost.exe

\??\C:\WINDOWS\system32\spoolsv.exe

\??\C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

\??\C:\WINDOWS\system32\drivers\KodakCCS.exe

\??\c:\PROGRA~1\mcafee.com\agent\mcdetect.exe

\??\c:\PROGRA~1\mcafee.com\vso\mcshield.exe

\??\c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

\??\C:\PROGRA~1\COMMON~1\MICROS~1\VS7DEBUG\MDM.EXE

\??\C:\PROGRA~1\McAfee.com\PERSON~1\MPFSER~1.EXE

\??\C:\WINDOWS\System32\SCSIAC~1.EXE

\??\C:\WINDOWS\wanmpsvc.exe

\??\C:\WINDOWS\Explorer.EXE

\??\C:\WINDOWS\system32\hkcmd.exe

\??\C:\WINDOWS\system32\dla\tfswctrl.exe

\??\C:\WINDOWS\System32\DSentry.exe

\??\C:\PROGRA~1\Dell\MEDIAE~1\PCMSER~1.EXE

\??\C:\PROGRA~1\COMMON~1\Real\UPDATE~1\REALSC~1.EXE

\??\C:\PROGRA~1\MUSICM~1\MUSICM~2\mmtask.exe

\??\C:\PROGRA~1\mcafee.com\agent\mcagent.exe

\??\C:\PROGRA~1\COMMON~1\Dell\EUSW\Support.exe

\??\C:\PROGRA~1\McAfee.com\VSO\mcvsshld.exe

\??\C:\PROGRA~1\Dell\Support\Alert\bin\NOTIFY~1.EXE

\??\c:\progra~1\mcafee.com\vso\mcvsescn.exe

\??\C:\PROGRA~1\support.com\bin\tgcmd.exe

\??\C:\PROGRA~1\QUICKT~1\qttask.exe

\??\C:\PROGRA~1\VIEWPO~1\VIEWPO~3\ViewMgr.exe

\??\C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

\??\C:\PROGRA~1\NOVADE~1\GREETI~1\REMIND~1.EXE

\??\C:\PROGRA~1\McAfee.com\VSO\oasclnt.exe

\??\C:\PROGRA~1\MESSEN~1\msmsgs.exe

\??\C:\WINDOWS\system32\ctfmon.exe

\??\C:\PROGRA~1\COMMON~1\DataViz\DVZINC~1.EXE

\??\C:\PROGRA~1\DIGITA~1\DLG.exe

\??\C:\PROGRA~1\palmOne\HOTSYNC.EXE

\??\C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

\??\c:\progra~1\mcafee.com\vso\mcvsftsn.exe

\??\C:\PROGRA~1\INTERN~1\iexplore.exe

\??\C:\WINDOWS\system32\NOTEPAD.EXE

\??\C:\DOCUME~1\Kerri\LOCALS~1\Temp\TEMPOR~1.ZIP\HIJACK~1.EXE

\??\C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\ACROIE~1.DLL

\??\C:\WINDOWS\system32\dla\tfswshx.dll

\??\C:\PROGRA~1\VIEWPO~1\VIEWPO~4\VIEWBA~1.DLL

\??\c:\progra~1\mcafee.com\vso\mcvsshl.dll

\??\C:\PROGRA~1\VIEWPO~1\VIEWPO~4\ViewBar.dll

\??\C:\PROGRA~1\Canon\EASY-W~1\Toolband.dll

\??\C:\WINDOWS\system32\igfxtray.exe

\??\C:\PROGRA~1\COMMON~1\Sonic\UPDATE~1\sgtray.exe

\??\C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

\??\C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

\??\C:\PROGRA~1\AIM\aim.exe

\??\C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE

\??\C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

\??\C:\WINDOWS\System32\Shdocvw.dll

\??\C:\PROGRA~1\AWS\WEATHE~1\Weather.exe

\??\C:\WINDOWS\SYSTEM32\igfxsrvc.dll

\??\C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
  • 0

#28
Atribune

Atribune

    HijackThis Expert

  • Visiting Consultant
  • 956 posts
  • MVP
Delete the list of files in the pendingfilerenameoperation box that opens with my last instruction. This will stop the files from being deleted on reboot
  • 0

#29
JHAT76

JHAT76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
OK I removed all the above text from the Pending FileRenameOperation
  • 0

#30
Atribune

Atribune

    HijackThis Expert

  • Visiting Consultant
  • 956 posts
  • MVP
Ahhh I know what you did. You pasted your whole hijackthis log into the paste from clipboard.

Ok check to make sure your files are intact in the correct folders
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP