rookie147

Volunteer Security Advisor
  • Content Count

    76

Community Reputation

0 Neutral

About rookie147

  • Rank
    Advanced Member
  • Birthday 12/29/1990

Profile Information

  • Location
    near London, England
  1. Hey Nyn, Once again this is about as far as my knowledge of these subjects goes, so I think it would be best if you posted in one of the earlier linked forums, and an expert in this field could help you. Sorry, but I think this is the way you'll receive the best help, Charles
  2. Hey again, Go to the following link, and follow the instructions for installing SP2: http://www.microsoft.com/windowsxp/using/s...installsp2.mspx After you've done all of the above: Please right-click your My Computer icon, and select Properties. Go to the General tab. Under the "System" heading, look for which service pack is installed. Let me know what it says in your next post. Thanks, Charles
  3. Hey there, sorry for the delay in getting back to you. Try downloading Service Pack 2 manually from here: http://www.microsoft.com/windowsxp/sp2/default.mspx Let me know if this works.. Thanks, Charles
  4. Hey Steve, We'll try another scanner instead of Panda: Please run the F-Secure Online Scanner Note: This Scanner is for Internet Explorer Only! Follow the instructions here for installation. Accept the License Agreement. Once the ActiveX installs, click Full System Scan Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient. When the scan completes, click the Automatic cleaning (recommended) button. Click the Show Report button and Copy & Paste the entire report in your next reply. Please post me back that log, also telling me how things are running. Thanks, Charles
  5. Hey there, sorry about the delay.. Download KillBox from the following link : http://www.bleepingcomputer.com/files/killbox.php Unzip the folder to your Desktop. Start Killbox.exe Select the "Delete on Reboot" option. Click on the "All Files" button, which will then flash green. Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C: C:\WINDOWS\SYSTEM32\xlibgfl254.dll Open 'File' in the menu on top and choose Paste from clipboard You must use the File menu--pasting by right-clicking the mouse will only enter one file. Then press the button that looks like a red circle with a white X in it. Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click Yes. Click OK at any Pending File Rename Operations prompt, let me know if they appear. If you don't get that message, reboot manually. Your computer should reboot now. Please run Panda's ActiveScan instead, since you seem to be having a few problems with Kaspersky. Once you are on the Panda site click the Scan your PC button A new window will open, click the Check Now button. Enter your personal details. Click the big Scan Now button. It will ask to install various content - please allow this. It will start downloading the files it requires for the scan, which may take a while. When download is complete, click on Local Disks to start the scan. When the scan completes, click the See Report button. Click Save Report and save the file to your Desktop, so you can post this log in your next reply. Please post me back the Panda report and let me know how things are running. Thanks, Charles
  6. Hey Nyn, To be honest with you, partitions are not my strong point when it comes to computers, so I'm afraid I'm unable to help you any further. What I can suggest though is that you register at another forum (one of those I've linked you to below) and post your problem there. In these forums, experts on this sort of problem will be able to help you, and hopefully they will be able to provide you with a solution. Here are a couple of websites I suggest: BleepingComputer GeeksToGo Please give a link to this thread in your topic, and I hope that your problem will be solved. Thanks, Charles
  7. Hello, One way that you can free up some extra space on your computer is by "defragmenting" it. Over time, the data on your hard drive gets scattered. Defragging a computer puts your data back into sequential order, making it easier for Windows to access it. As a result, the performance of your computer will improve if you defrag the computer. To do so, follow these steps: Go to Start | All Programs | Accessories | System Tools Click on Disk Defragmenter. Select the drive you wish to defragment, by clicking on it. Then press Defragment at the bottom. This can take quite a while to run, so please be patient. You will obviously need to do this for both of your hard drives, both C: and D: . As for managing your partitions, I can recommend a program called Partition Magic, a free trial of which can be downloaded from the following link: http://www.soft32.com/download_151.html AVG antivirus shouldn't only be a 30-day trial, the free version lasts forever. There is, however, a 30-day trial of the Professional edition, but I'm pretty sure that you don't have this version. The link I gave you was to the free version, and it also shows up as "AVGFREE" in your HijackThis log. This version will not run out... Set your system to not show all files. Navigate to Start | My Computer | Tools | Folder Options. Select the View tab. Under the "Hidden Files and Folders" heading, select "Show hidden files and folders". Check: Hide file extensions for known file types Check the Hide protected operating system files (recommended) option. Click Yes to confirm. Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer. Either enable 'Automatic Updates' under Start | Control Panel | Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is. 
Even though you are complaining of a lack of space on your hard drive, I have a list of programs that I usually suggest people install on their computer once they are free from malware: Ad-Aware SE A tutorial on using Ad-Aware to remove spyware from your computer may be found here. Spybot-Search & Destroy A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features. SpywareBlaster A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here. Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle. Please also read Tony Klein's excellent article: How I got Infected in the First Place If, of course, you encounter any more problems, please let me know and I'll try my best to sort them out for you. Thanks and happy computing, Charles
  8. Hey Nyn, You can delete all of the tools I've asked you to download if you want to. Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible. We are going to boot into Safe Mode later in the fix, and there is no internet access. Please download ATF Cleaner. Don't run it yet. Please reboot your computer into Safe Mode. This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep. Then select Safe Mode from the list. Double click ATF-Cleaner.exe to run the program. Under Main choose Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose Select All Click the Empty Selected button. Note: If you would like to keep your saved passwords, please click "No" at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. Note: If you would like to keep your saved passwords, please click "No" at the prompt. Click Exit on the main menu to close the program. Next, please find and delete the following files/folders (if present): C:\WINDOWS\aod <--Folder D:\MIRACLE\ToBurn\Icq stuff\RadLight3.exe[RPK.exe] <--File D:\MIRACLE\ToBurn\Icq stuff\RadLight3.exe[VVSN_RDLT0541Inst.exe] <--File D:\MIRACLE\ToBurn\Icq stuff\RadLight3SE.exe[VVSN_RDLT0504Inst.exe] <--File D:\MIRACLE\ToBurn\Icq stuff\RadLight3SE.exe[RPK.exe] <--File Reboot into Normal Mode. In your next post please let me know- how are things running? Thanks, Charles
  9. Due to lack of feedback, this topic is now closed. If you need this topic reopened, please request this by sending me a Personal Message including a link to your thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  10. Since this issue appears resolved, this topic is now closed. If you need this topic reopened, please request this by sending me a Personal Message including a link to your thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  11. Hello Nyn, Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible. We are going to boot into Safe Mode later in the fix, and there is no internet access. Scan again with HijackThis and put a checkmark next to each of the following entries (if present): O20 - Winlogon Notify: instcat - instcat.dll (file missing) Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button. Please reboot your computer into Safe Mode. This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep. Then select Safe Mode from the list. Set your system to show all files. Navigate to Start | My Computer | Tools | Folder Options. Select the View tab. Under the "Hidden Files and Folders" heading, select "Show hidden files and folders". Uncheck: Hide file extensions for known file types Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Next, please find and delete the following files/folders (if present): C:\WINDOWS\www.google.com <--Folder C:\www.google.com <--Folder C:\Documents and Settings\Local Settings\Application Data\SystemDoctor 2006 Free <--Folder C:\Documents and Settings\MIRACLE\Application Data\DriveCleaner Free <--Folder C:\Documents and Settings\Local Settings\Application Data\DriveCleaner Free <--Folder C:\Program Files\Common Files\DriveCleaner Free <--Folder C:\Documents and Settings\MIRACLE\~tmp0374.exe <--File C:\WINDOWS\system32\v6.exe <--File The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first. Backup the Registry: Navigate to Start | Run and paste the following: regedit /e c:\registrybackup.reg Now click OK It won't appear to be doing anything, that's normal. Your mouse pointer may turn to an hour glass for a minute. 
Please continue when it no longer has the hour glass. Open Notepad and copy and paste the following quotebox into a new text document. (Don't forget to copy and paste REGEDIT4!) Save this as fix.reg Choose to save as *all files and place it on your Desktop. It should look like this: Double-click on it and when it asks you if you want to merge the contents to the registry, click Yes/OK. Reboot into Normal Mode. Open Notepad and copy and paste the following text in the quote box into the window: Save this as fix.bat Choose to save as all files. This is how the batch must look afterwards: Double-click fix.bat and let the program run. A small black DOS window will flash, this is normal. Please post the contents of the text reply that opens back here. Please run Panda's ActiveScan. Once you are on the Panda site click the Scan your PC button A new window will open, click the Check Now button. Enter your personal details. Click the big Scan Now button. It will ask to install various content - please allow this. It will start downloading the files it requires for the scan, which may take a while. When download is complete, click on Local Disks to start the scan. When the scan completes, click the See Report button. Click Save Report and save the file to your Desktop, so you can post this log in your next reply. Please post me back look.txt, along with a new HijackThis log and the Panda report Thanks, Charles
  12. Hey Steve, Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible. Please reboot your computer into Safe Mode. This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep. Then select Safe Mode from the list. The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first. Backup the Registry: Navigate to Start | Run and paste the following: regedit /e c:\registrybackup.reg Now click OK It won't appear to be doing anything, that's normal. Your mouse pointer may turn to an hour glass for a minute. Please continue when it no longer has the hour glass. Open Notepad and copy and paste the following quotebox into a new text document. (Don't forget to copy and paste REGEDIT4!) Save this as fix.reg Choose to save as *all files and place it on your Desktop. It should look like this: Double-click on it and when it asks you if you want to merge the contents to the registry, click Yes/OK. Next, please find and delete the following files/folders (if present): C:\WINDOWS\SYSTEM32\xlibgfl254.dll <--File C:\Documents and Settings\Steve\Application Data\ultra <--Folder C:\winstall.exe <--File We need to do a search for some files. Navigate to: Start | Search | For Files and Folders. Expand Search Options, check Advanced Options, check Search system folders, Search hidden files and folders, and Search Subfolders. Paste this into the Search for files and folders named box: ntoskrnl.dll If you find an example of this file, please remove it. Reboot into Normal Mode again. Please do an online scan with Kaspersky WebScanner You will be prompted to install an ActiveX component from Kaspersky, Click Yes. 
The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on Next Select a target to scan; click on My Computer The scan will take a while so be patient and let it run. Once the scan is complete choose the option to Save as Text Post these results in your next reply. Please post me back the Kaspersky report. Thanks, Charles
  13. Hello Nyn, Things are looking a bit better already. You can delete BlackLight now; we won't be needing it any more. Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible. We are going to boot into Safe Mode later in the fix, and there is no internet access. Scan again with HijackThis and put a checkmark next to each of the following entries (if present): O4 - HKLM\..\Run: [syswin] C:\DOCUME~1\MIRACLE\LOCALS~1\Temp\x1006.exe O4 - HKLM\..\Run: [ChkDisk] C:\WINDOWS\System32\chk_disk.exe O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/insta...FreeInstall.cab O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll O21 - SSODL: DCOM Server 3339 - {2C1CD3D7-86AC-4068-93BC-A02304BB3339} - (no file) Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button. Please download ATF Cleaner. Don't run it yet. Start Killbox.exe Select the "Delete on Reboot" option. Click on the "All Files" button, which will then flash green. Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C: C:\WINDOWS\System32\chk_disk.exe C:\WINDOWS\SYSTEM32\instcat.dll Open 'File' in the menu on top and choose Paste from clipboard You must use the File menu--pasting by right-clicking the mouse will only enter one file. Then press the button that looks like a red circle with a white X in it. Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click Yes. Click OK at any Pending File Rename Operations prompt, let me know if they appear. If you don't get that message, reboot manually. Your computer should reboot now. Press F8 at boot/Windows startup, usually right after the beep. Then select Safe Mode from the list. Double click ATF-Cleaner.exe to run the program. 
Under Main choose Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose Select All Click the Empty Selected button. Note: If you would like to keep your saved passwords, please click "No" at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. Note: If you would like to keep your saved passwords, please click "No" at the prompt. Click Exit on the main menu to close the program. Reboot into Normal Mode again. Download Combofix to your Desktop. Double click combofix.exe Follow the prompts that are displayed. Don't click on the window while the fix is running, because that will cause your system to hang. When finished, it should produce a log, combofix.txt. Post that in your next reply. Please do an online scan with Kaspersky WebScanner You will be prompted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on Next Select a target to scan; click on My Computer The scan will take a while so be patient and let it run. Once the scan is complete choose the option to Save as Text Post these results in your next reply. Please post me back the Kaspersky report, along with a new Hijackthis log and the ComboFix log Thanks, Charles
  14. Hey there, It looks to me like you posted the ComboFix log twice, and forgot to include C:\rapport.txt. Please post me this in your next reply. Thanks, Charles