noahdfear

Volunteer Security Advisor
  • Content Count: 325

Everything posted by noahdfear

  1. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue. Everyone else please begin a New Topic. Thank you !
  2. About all I can do is point you in the right direction. Start your Norton program. On the Norton product tab, click Tasks & Scans. Click Manage Quarantined Items, and then click Go to Quarantine. You may have to select each item and click More Details to get an option to remove it.
  3. Looks great, Anna! Delete the following files then empty the recycle bin.
         C:\Documents and Settings\Martin Edge\Desktop\SmitfraudFix.exe
         C:\Martin\Proposals\ARC Energy Group\ARC Energy Present 6-1-03\Codec\DivXPro501GAINBundle.exe
     That should finish things up. Everything seem to be working as it should? miekiemoes has put together a great page full of prevention information and tips that I recommend you check out.
  4. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue. Everyone else please begin a New Topic. Thank you !
  5. Looks good. Let's tidy up a bit and run an online scan to make sure we haven't missed something.
     Click Start>Run and type ComboFix /u to remove ComboFix and the files it quarantined.
     Download ATF Cleaner by Atribune and save it to your Desktop.
     • Double click ATF-Cleaner.exe to run the program.
     • Check the boxes to the left of: Windows Temp, Current User Temp, All Users Temp, Temporary Internet Files, Prefetch, Java Cache, Recycle bin.
     • The rest are optional - if you want it to remove everything check "Select All".
     • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
     • If you use Firefox or Mozilla, I recommend you clean their cookies and temps too.
     Reboot.
     Please do an online scan with Kaspersky WebScanner.
     • Click on Kaspersky Online Scanner.
     • You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
     • The program will launch and then begin downloading the latest definition files.
     • Once the files have been downloaded click on NEXT.
     • Now click on Scan Settings.
     • In the scan settings make sure that the following are selected:
         Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
         Scan Options: Scan Archives, Scan Mail Bases
     • Click OK.
     • Now under select a target to scan: Select My Computer.
     • The program will start and scan your system.
     • The scan will take a while so be patient and let it run.
     • Once the scan is complete it will display if your system has been infected.
     • Now click on the Save as Text button.
     • Save the file to your desktop.
     Post the Kaspersky log and one more fresh HijackThis log.
  6. Let's first make a backup of that registry key. Again, copy the following bolded command and paste it on the Run line.
         regedit /e "%userprofile%\desktop\cmap.reg" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmaphole"
     It will create a reg file on your desktop named cmap.reg. Verify the reg file is present prior to continuing.
     Highlight and copy the contents of the code box below to a blank notepad. Save it to the desktop as:
     Filename: fix.reg
     Save as type: All Files (*.*)
         REGEDIT4

         [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmaphole]
         [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMAPHOLE]
         [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eae2e3ea-07e1-11da-8ab5-001109edccde}]
     Double click fix.reg and allow it to merge with the registry.
     Scan again with HijackThis and place a check next to the following entry then click Fix Checked.
         O4 - HKCU\..\Run: [froody] C:\WINDOWS\system32\timoty.exe
     Reboot and run another scan with dss and post the log please.
     BTW, I failed to respond to your question about the USB backup drive ..... sorry. It should be OK, but you should probably run a virus scan on it once we get this all cleaned up.
  7. Looks great! All of the infected files found are in quarantine. Open the Norton interface and delete all quarantined items, then empty the recycle bin. Your computer is now clean! miekiemoes has put together a great page full of prevention information and tips that I recommend you check out. You're very welcome, Hillarie. Surf safe!
  8. All cookies. Support will end for Ad-aware SE at the close of the year. Ad-aware 2007 is here to stay, until it's replaced with an upgraded version.
  9. I'm a bit confused by the presence of the wininit.ini file. It is a commonly used file on Windows 95, 98 and ME to delete files in use on reboot, but has generally been replaced by a registry value in Windows 2000, XP and Vista. Let's get rid of it, and check for the presence of the files it was aimed at.
     Look for and delete the following files if found.
         C:\tempjunk7940.tmp
         C:\tempjunk9580.tmp
         C:\Documents and Settings\All Users\Application Data\wdcpcnez.dll_tobedeleted_old
         C:\WINDOWS\system32\winbue32.dll_tobedeleted_old
         C:\WINDOWS\wininit.ini
     Your logs look good otherwise. Click Start>Run and type ComboFix /u then hit enter to remove ComboFix.
     Delete the following.
         VundoFix.exe
         dss.exe
     Then empty the recycle bin.
     Let's do an online scan to be sure we haven't missed something.
     Please do an online scan with Kaspersky WebScanner.
     • Click on Kaspersky Online Scanner.
     • You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
     • The program will launch and then begin downloading the latest definition files.
     • Once the files have been downloaded click on NEXT.
     • Now click on Scan Settings.
     • In the scan settings make sure that the following are selected:
         Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
         Scan Options: Scan Archives, Scan Mail Bases
     • Click OK.
     • Now under select a target to scan: Select My Computer.
     • The program will start and scan your system.
     • The scan will take a while so be patient and let it run.
     • Once the scan is complete it will display if your system has been infected.
     • Now click on the Save as Text button.
     • Save the file to your desktop.
     Post the Kaspersky log and one more fresh HijackThis log. Let me know how your computer is behaving.
  10. Still a few things to check out. Please highlight and copy the following bolded command (both lines at once, including quotes).
          regedit /e "%userprofile%\desktop\cmap.txt" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmaphole"
      Click Start>Run and paste the command on the Run line then hit enter. A file named cmap.txt should appear on your desktop. Please open it and post its contents here. Please create and post a fresh HijackThis log as well.
  11. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue. Everyone else please begin a New Topic. Thank you !
  12. That's great! Glad I could help. miekiemoes has put together a great page full of prevention information and tips that I recommend you check out. Surf safe!
  13. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:
      Filename: CFScript.txt
      Save As Type: All Files (*.*)
          Folder::
          C:\Program Files\Lcufneyf
          C:\Program Files\Frfmgdtl

          Registry::
          [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}]
          [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f8bfd870-88ae-4969-87d4-2e4f2459c5a4}]
          [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbue32]
      Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and a fresh HijackThis log.
      Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
      Please open the following file with notepad and post its contents here, if present.
          C:\WINDOWS\wininit.ini
  14. You're most welcome. Glad I could help! Not necessary to check the laptop, but I'm more than happy to have a look if you're concerned.
  15. Kaspersky does not like your Winny2 and Share10_ex2 p2p clients. Otherwise not bad. Open the Java Plug-in in the Control Panel and delete the temporary files. If you're satisfied that the computer is working properly, I recommend you clear the System Restore points.
      Clear past system restore points and create a new one.
      • Right click My Computer and select Properties.
      • On the System Restore tab, check the box to turn System Restore off.
      • Click Apply.
      • Now, uncheck the box and click Apply.
      • Click OK, then OK to close the System Properties dialog.
      Verify a new restore point was created.
      • Click Start>All Programs>Accessories>System Tools>System Restore
      • Select 'Restore my computer to an earlier time', then click next.
      • You should have a newly created System Checkpoint available. If so, click Cancel.
      • If not, click Back and select 'Create a restore point' then click Next.
      • Give the restore point a name and click next.
      That should finish things up. How is your computer performing now?
  16. Highlight and copy the bolded command below.
          sc stop cmaphole
      Click Start>Run then paste the command and hit enter. Now do the next command.
          sc config cmaphole start= disabled
      Download Flash_Disinfector by sUBs and save it to your desktop.
      NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.
      • Plug in your USB flash drive.
      • Double-click Flash_Disinfector.exe to run it. Follow any prompts that may appear.
      • Your desktop will vanish for a while, and then reappear. This is normal.
      • Wait until the program has finished scanning, then please exit the program.
      • If you use more than 1 flash drive, run the tool with each plugged in.
      Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:
      Filename: CFScript.txt
      Save As Type: All Files (*.*)
          File::
          C:\WINDOWS\system32\2032.lps
          C:\WINDOWS\system32\opseti
          C:\WINDOWS\system32\msanton.exe
          C:\Documents and Settings\Martin Edge\wn852.exe
          C:\WINDOWS\system32\timoty.exe
          C:\WINDOWS\windisk.dll
          C:\WINDOWS\trayicons.exe
      Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.
      Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
  17. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue. Everyone else please begin a New Topic. Thank you !
  18. You're most welcome. Glad I could help. It would be great if you didn't re-install any p2p file sharing apps. They are merely an avenue ........ make that a super-highway ........... for infection. Good luck, bad luck ...... the fact is, odds are against you and sooner or later you will be infected again. Next time it could be fatal to your operating system.
  19. Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it quarantined.
      Download ATF Cleaner by Atribune and save it to your Desktop.
      • Double click ATF-Cleaner.exe to run the program.
      • Check the boxes to the left of: Windows Temp, Current User Temp, All Users Temp, Temporary Internet Files, Prefetch, Java Cache, Recycle bin.
      • The rest are optional - if you want it to remove everything check "Select All".
      • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.
      Reboot.
      If you're satisfied that the computer is working properly, clear the System Restore points. They are infected.
      Clear past system restore points and create a new one.
      • Right click My Computer and select Properties.
      • On the System Restore tab, check the box to turn System Restore off.
      • Click Apply.
      • Now, uncheck the box and click Apply.
      • Click OK, then OK to close the System Properties dialog.
      Verify a new restore point was created.
      • Click Start>All Programs>Accessories>System Tools>System Restore
      • Select 'Restore my computer to an earlier time', then click next.
      • You should have a newly created System Checkpoint available. If so, click Cancel.
      • If not, click Back and select 'Create a restore point' then click Next.
      • Give the restore point a name and click next.
      Your computer is now clean! miekiemoes has put together a great page full of prevention information and tips that I recommend you check out. Surf safe!
  20. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue. Everyone else please begin a New Topic. Thank you !
  21. 1 set of commands deleted a leftover rogue file, the other was to remove a temporary cleanup service for McAfee, which it didn't do but it's nothing to worry about. Glad to hear things are working fine and I was happy to help. miekiemoes has put together a great page full of prevention information and tips that I recommend you check out. Surf safe!
  22. Looks good. Let's make sure we haven't missed something.
      Please do an online scan with Kaspersky WebScanner.
      • Click on Kaspersky Online Scanner.
      • You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
      • The program will launch and then begin downloading the latest definition files.
      • Once the files have been downloaded click on NEXT.
      • Now click on Scan Settings.
      • In the scan settings make sure that the following are selected:
          Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
          Scan Options: Scan Archives, Scan Mail Bases
      • Click OK.
      • Now under select a target to scan: Select My Computer.
      • The program will start and scan your system.
      • The scan will take a while so be patient and let it run.
      • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button.
      • Save the file to your desktop.
      Post the Kaspersky log.
  23. Looks great! Click Start>Run and type ComboFix /u to remove ComboFix and the files it quarantined. Delete dss.exe and C:\Deckard if present. Empty the recycle bin. Any problems remaining?