noahdfear

Volunteer Security Advisor
  • Content Count

    325
  • Joined

  • Last visited

Community Reputation

0 Neutral

5 Followers

About noahdfear

  • Rank
    Advanced Member
  • Birthday 04/08/1965

Contact Methods

  • Website URL
    http://
  • ICQ
    0

Profile Information

  • Location
    New Bremen, OH. USA
  1. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue. Everyone else please begin a New Topic. Thank you !
  2. About all I can do is point you in the right direction. Start your Norton program. On the Norton product tab, click Tasks & Scans. Click Manage Quarantined Items, and then click Go to Quarantine. You may have to select each item and click More Details to get an option to remove it.
  3. Looks great, Anna! Delete the following files then empty the recycle bin. C:\Documents and Settings\Martin Edge\Desktop\SmitfraudFix.exe C:\Martin\Proposals\ARC Energy Group\ARC Energy Present 6-1-03\Codec\DivXPro501GAINBundle.exe That should finish things up. Everything seem to be working as it should? miekiemoes has put together a great page full of prevention information and tips that I recommend you check out.
  4. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue. Everyone else please begin a New Topic. Thank you !
  5. Looks good. Lets tidy up a bit and run an online scan to make sure we haven't missed something. Click Start>Run and type ComboFix /u to remove ComboFix and the files it quarantined. Download ATF Cleaner by Atribune and save it to your Desktop. Double click ATF-Cleaner.exe to run the program. Check the boxes to the left of: Windows Temp Current User Temp All Users Temp Temporary Internet Files Prefetch Java Cache Recycle bin [*]The rest are optional - if you want it to remove everything check "Select All". [*]Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit. [*]If you use Firefox or Mozilla, I recommend you clean there cookies and temps too. Reboot Please do an online scan with Kaspersky WebScanner Click on Kaspersky Online Scanner You will be promted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard) Scan Options: Scan Archives Scan Mail Bases [*]Click OK [*]Now under select a target to scan: Select My Computer [*]This will program will start and scan your system. [*]The scan will take a while so be patient and let it run. [*]Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button: [*]Save the file to your desktop. Post the Kaspersky log and one more fresh HijackThis log.
  6. Let's first make a backup of that registry key. Again, copy the following bolded command and paste it on the Run line. regedit /e "%userprofile%\desktop\cmap.reg" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmaphole" It will create a reg file on your desktop named cmap.reg Verify the reg file is present prior to continuing. Highlight and copy the contents of the code box below to a blank notepad. Save it to the desktop as; Filename: fix.reg Save as type: All Files (*.*) REGEDIT4 [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmaphole] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMAPHOLE] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eae2e3ea-07e1-11da-8ab5-001109edccde}] Double click fix.reg and allow it to merge with the registry. Scan again with HijackThis and place a check next to the following entry then click Fix Checked. O4 - HKCU\..\Run: [froody] C:\WINDOWS\system32\timoty.exe Reboot and run another scan with dss and post the log please. BTW, I failed to respond to your question about the USB backup drive ..... sorry. It should be OK, but you should probably run a virus scan on it once we get this all cleaned up.
  7. Looks great! All of the infected files found are in quarantine. Open the Norton interface and delete all quarantined items, then empty the recycle bin. Your computer is now clean! miekiemoes has put together a great page full of prevention information and tips that I recommend you check out. You're very wlecome, Hillarie. Surf safe!
  8. All cookies Support will end for Ad-aware SE at the close of the year. Ad-aware 2007 is here to stay, until it's replaced with an upgraded version.
  9. I'm a bit confused by the presence of the wininit.ini file. It is a commonly used file on Windows 95, 98 and ME to delete files in use on reboot, but has generally been replaced by a registry value in Windows 2000, XP and Vista. Lets get rid of it, and check for the presence of the files it was aimed at. Look for and delete the following files if found. C:\tempjunk7940.tmp C:\tempjunk9580.tmp C:\Documents and Settings\All Users\Application Data\wdcpcnez.dll_tobedeleted_old C:\WINDOWS\system32\winbue32.dll_tobedeleted_old C:\WINDOWS\wininit.ini Your logs look good otherwise. Click Start>Run and type ComboFix /u then hit enter to remove ComboFix. Delete the following. VundoFix.exe dss.exe Then empty the recycle bin. Let do an online scan to be sure we haven't missed something. Please do an online scan with Kaspersky WebScanner Click on Kaspersky Online Scanner You will be promted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard) Scan Options: Scan Archives Scan Mail Bases [*]Click OK [*]Now under select a target to scan: Select My Computer [*]This will program will start and scan your system. [*]The scan will take a while so be patient and let it run. [*]Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button: [*]Save the file to your desktop. Post the Kaspersky log and one more fresh HijackThis log. Let me know how your computer is behaving.
  10. Still a few things to check out. Please highlight and copy the following bolded command (both lines at once, including quotes). regedit /e "%userprofile%\desktop\cmap.txt" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmaphole" Click Start>Run and paste the command on the Run line then hit enter. A file named cmap.txt should appear on your desktop. Please open it and post it's contents here. Please create and post a fresh HijackThis log as well.
  11. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue. Everyone else please begin a New Topic. Thank you !
  12. That's great! Glad I could help. miekiemoes has put together a great page full of prevention information and tips that I recommend you check out. Surf safe!
  13. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as; Filename: CFScript.txt Save As Type: All Files (*.*) Folder:: C:\Program Files\Lcufneyf C:\Program Files\Frfmgdtl Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f8bfd870-88ae-4969-87d4-2e4f2459c5a4}] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbue32] Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and a fresh HijackThis log. Please do not click on the ComboFix window while it is running a scan. This can cause it to stall. Please open the following file with notepad and post it's contents here, if present. C:\WINDOWS\wininit.ini