I'm back again

Post by TWYLYGHT » July 7th, 2007, 6:43 pm

This time I have no real clue as to what has got me. So, I need your help.

Here's the HijackThis file.

Logfile of HijackThis v1.99.1
Scan saved at 6:28:22 PM, on 7/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
D:\PrintScreen\PrintScreen.exe
C:\WINDOWS\system32\sistray.exe
D:\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60308
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60308
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60308
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60308
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\jfhwjafd.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {79DB87EB-FB29-403C-8CFB-20D51C5CB1C8} - C:\WINDOWS\system32\gebcy.dll
O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xhelper.dll
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\cbxuvwu.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\catskuse.dll",forkonce
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] "D:\PrintScreen\PrintScreen.exe" /nosplash
O4 - Startup: Stardock ObjectDock.lnk
O4 - Global Startup: E-Color.lnk
O4 - Global Startup: Utility Tray.lnk
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: cbxuvwu - C:\WINDOWS\SYSTEM32\cbxuvwu.dll
O20 - Winlogon Notify: gebcy - C:\WINDOWS\system32\gebcy.dll
O20 - Winlogon Notify: WBSrv - D:\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Thanks
TWYLYGHT
Regular Member
 
Posts: 35
Joined: June 22nd, 2007, 9:17 am

Post by Navigator » July 7th, 2007, 10:55 pm

Hello TWYLYGHT...welcome to Malware Removal! You have a Vundo infection...

1. Open HijackThis, click Open Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

2. Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encounters a file it cannot remove. In this case, VundoFix will run again on reboot.

If this occurs, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

3. Post back with:
  • the Uninstall list
  • the Vundofix log
  • a new HJT log
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Post by TWYLYGHT » July 8th, 2007, 5:04 am

Thanks so much. Will follow your instruction when I get home from work today.
TWYLYGHT
Regular Member
 
Posts: 35
Joined: June 22nd, 2007, 9:17 am

Post by Navigator » July 11th, 2007, 8:58 pm

Do you still need help?
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Post by TWYLYGHT » July 13th, 2007, 6:35 pm

Yes, I haven't had time to do as instructed because of over time at work. I'm heading back there now. Will be off work tomorrow and will follow through with your instructions then.

Thank you.
TWYLYGHT
Regular Member
 
Posts: 35
Joined: June 22nd, 2007, 9:17 am

Post by Navigator » July 13th, 2007, 7:59 pm

No problem, I just didn't want the thread to be considered inactive.

I'll be in and out from Sat-Thurs (I'm going out of town), but will check in and reply back when I can.

Good luck!
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Post by TWYLYGHT » July 14th, 2007, 11:48 am

Sorry I couldn't figure out how to save the Vundofix log. It did remove what it needed to.

Here's the Uninstall list and the HJT log

UNINSTALL LIST

3Deep
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0
AIM 6
AOpen AOConfig 2.00.06
AOpen EzSkin 2.00.03
AOpen WinDMI 1.00.09
avast! Antivirus
BookWorm Deluxe
Canon PIXMA iP1500
Crawler Toolbar with Web Security Guard
Easy-WebPrint
E-Color Indicator
Flip Words
Gadwin PrintScreen
Hijackthis 1.99.1
HijackThis 1.99.1
Hoyle Board Games 3 Demo
Hoyle Card Games 4
Hoyle Casino 4 Demo
Hoyle Word Games Demo
InCD EasyWrite Reader
Jasc Animation Shop 3
Jasc Paint Shop Pro 9
Jasc Paint Shop Pro 9.01 - (9.0.1.1)
Kaspersky Online Scanner
Macromedia Flash Player 8
Micrografx Picture Publisher 8
MSN
Nero Media Player
Nero OEM
NeroVision Express 2
NeroVision Express 2 Content
Netscape Browser (remove only)
ObjectDock
PhotoFiltre
Realtek AC'97 Audio
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
Spyware Terminator
SpywareBlaster v3.5.1
TrojanHunter 4.7
TuneUp Utilities 2006
Viewpoint Media Player
WindowBlinds
Windows Live Messenger
WinRAR archiver
WinZip
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail


Logfile of HijackThis v1.99.1
Scan saved at 11:45:17 AM, on 7/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
D:\PrintScreen\PrintScreen.exe
C:\WINDOWS\system32\sistray.exe
D:\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60308
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60308
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60308
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60308
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xhelper.dll
O2 - BHO: (no name) - {B4BBDAD8-8444-4E6E-98D4-517A945A04BE} - C:\WINDOWS\system32\gebcy.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] "D:\PrintScreen\PrintScreen.exe" /nosplash
O4 - Startup: Stardock ObjectDock.lnk
O4 - Global Startup: E-Color.lnk
O4 - Global Startup: Utility Tray.lnk
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: WBSrv - D:\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
TWYLYGHT
Regular Member
 
Posts: 35
Joined: June 22nd, 2007, 9:17 am
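
As an added example (not part of either poster's message and not HijackThis's own code), the sketch below compares load-point entries from the 7/7/2007 and 7/14/2007 logs posted above to show what disappeared after VundoFix ran and what was left behind as a "(file missing)" orphan. The function and variable names are assumptions; entries are keyed by section and file path rather than by whole line, because the CLSID shown for the gebcy.dll BHO differs between the two logs.

```python
import re
from typing import NamedTuple

# Lines excerpted from the two HijackThis logs posted in this thread.
BEFORE = r"""
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\jfhwjafd.dll
O2 - BHO: (no name) - {79DB87EB-FB29-403C-8CFB-20D51C5CB1C8} - C:\WINDOWS\system32\gebcy.dll
O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xhelper.dll
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\cbxuvwu.dll
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\catskuse.dll",forkonce
O20 - Winlogon Notify: cbxuvwu - C:\WINDOWS\SYSTEM32\cbxuvwu.dll
O20 - Winlogon Notify: gebcy - C:\WINDOWS\system32\gebcy.dll
O20 - Winlogon Notify: WBSrv - D:\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll
"""

AFTER = r"""
O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xhelper.dll
O2 - BHO: (no name) - {B4BBDAD8-8444-4E6E-98D4-517A945A04BE} - C:\WINDOWS\system32\gebcy.dll (file missing)
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O20 - Winlogon Notify: WBSrv - D:\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll
"""


class Entry(NamedTuple):
    section: str   # HijackThis section code, e.g. "O2" (BHO) or "O20" (Winlogon Notify)
    text: str      # everything after "<section> - "
    target: str    # lower-cased .dll/.exe path the entry points at, "" if none found
    missing: bool  # True when HijackThis appended "(file missing)"


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# First drive-letter path ending in .dll or .exe; paths may contain spaces.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)', re.IGNORECASE)


def parse_log(log: str) -> list[Entry]:
    """Return the sectioned entries of a log, skipping header and process lines."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, text = m.groups()
        path = PATH_RE.search(text)
        target = path.group(0).lower() if path else ""
        entries.append(Entry(section, text, target, text.endswith("(file missing)")))
    return entries


def entry_key(e: Entry) -> tuple[str, str]:
    # Compare by section + file path; fall back to the raw text when no path exists.
    return (e.section, e.target or e.text)


def diff_logs(before: str, after: str) -> dict[str, list[Entry]]:
    old = {entry_key(e): e for e in parse_log(before)}
    new = {entry_key(e): e for e in parse_log(after)}
    return {
        "removed": [e for k, e in old.items() if k not in new],
        "added": [e for k, e in new.items() if k not in old],
        "orphaned": [e for e in new.values() if e.missing],
    }


if __name__ == "__main__":
    for label, entries in diff_logs(BEFORE, AFTER).items():
        print(label.upper())
        for e in entries:
            print(f"  {e.section}: {e.text}")
```

An entry reported as orphaned still has a registry key pointing at a file that is gone, which is why such entries are cleaned up by hand after the automated tool has run.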

Post by Navigator » July 17th, 2007, 9:17 am

Hello TWYLYGHT....sorry for the delay, I am away from home.

I see you have Viewpoint installed. While this was previously considered foistware rather than malware per se (i.e. it installed without user approval but did not 'spy' or do anything 'bad'), this has changed:

http://www.clickz.com/showPage.html?page=3561546

The instructions below contain information to remove Viewpoint; however, the choice is yours. If, after reading the above link, you decide that you want to keep it, leave out the remove Viewpoint instructions below and continue on with the rest of the instructions.


1. First download AVG anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Un-select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG anti-spyware, Do Not run a scan just yet, we will shortly.

2. Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Save it to your desktop, we will use it later.

3. Please re-open HiJackThis and choose scan only. Check the boxes next to all the entries listed below.

O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xhelper.dll
O2 - BHO: (no name) - {B4BBDAD8-8444-4E6E-98D4-517A945A04BE} - C:\WINDOWS\system32\gebcy.dll (file missing)


Now close all windows other than HiJackThis, then click Fix Checked.

Reboot into safe mode by restarting your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Please remove these entries from Add/Remove Programs in the Control Panel (if present). Click start>>control panel>>add/remove programs:

Viewpoint Media Player


5. Please delete these files using Windows Explorer (if present):
  • Click Start>>All Programs>>Accessories>>Windows Explorer
  • Navigate to the listed files, then right-click to select them and click delete:


C:\WINDOWS\xhelper.dll


6. Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

7. IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG and reboot your system back into Normal Mode.

8. Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

9. Post the contents of the:
  • ActiveScan report
  • the AVG Scan report
  • a new HJT log
  • let me know what problems you are having with your system
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Post by TWYLYGHT » July 17th, 2007, 12:10 pm

Wow a lot of instruction there. LOL

I have Avast Antivirus, will that not work as well as AVG? I've used AVG in the past and have since found out that Avast is far better.

I'm not going to have time today to do as instructed. Will print out your instructions and follow them after work tomorrow.

Thanks.
TWYLYGHT
Regular Member
 
Posts: 35
Joined: June 22nd, 2007, 9:17 am

Post by Navigator » July 17th, 2007, 9:47 pm

You are welcome.

The AVG I am asking you to get a scan from is not the AVG antivirus, but the AVG anti-spyware...it is a 30 day free trial, and after the scan you of course would be free to remove it from your system. The anti-spyware program is quite good.

There are a lot of instructions, but it shouldn't take very long.
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Post by TWYLYGHT » July 18th, 2007, 5:54 am

Navigator wrote: You are welcome.

The AVG I am asking you to get a scan from is not the AVG antivirus, but the AVG anti-spyware...it is a 30 day free trial, and after the scan you of course would be free to remove it from your system. The anti-spyware program is quite good.

There are a lot of instructions, but it shouldn't take very long.


I see. One question. Will it conflict with the anti-spyware I currently have installed?

Once again I'm off to work. Will get this done later today.

Thanks again. :)
TWYLYGHT
Regular Member
 
Posts: 35
Joined: June 22nd, 2007, 9:17 am

Post by Navigator » July 18th, 2007, 9:11 am

TWYLYGHT wrote:
Navigator wrote: You are welcome.

The AVG I am asking you to get a scan from is not the AVG antivirus, but the AVG anti-spyware...it is a 30 day free trial, and after the scan you of course would be free to remove it from your system. The anti-spyware program is quite good.

There are a lot of instructions, but it shouldn't take very long.


I see. One question. Will it conflict with the anti-spyware I currently have installed?

Once again I'm off to work. Will get this done later today.

Thanks again. :)


Most anti-spyware programs play well in the 'computer sandbox' if you will...unlike anti-virus programs and firewalls where two is one too many.

Another thing I wanted to mention to you (and would have later) is to ask you what you think of Spyware Terminator which is installed on your system...that program has been listed on the suspected 'rogue' antispyware lists in the past. While it has now been removed from the possible rogue list, I am not aware of any computer security experts that recommend its use. Perhaps it is OK, but I don't know. Here is a list of rogue programs (there are many):

http://www.spywarewarrior.com/rogue_ant ... m#products

And here is a nice list of 'good' anti-spyware programs that have held up as quality over time and repeated use:

http://www.spywarewarrior.com/rogue_ant ... rustworthy

As I said, after we get the AVG anti-spyware scan, you can feel free to remove it from your computer.
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Post by TWYLYGHT » July 18th, 2007, 10:40 am

Hi,
I'm quite happy with Spyware Terminator and their Crawler Search. It "appears" to be doing as it promises to do. Since running VundoFix Spyware Terminator had blocked and stopped all the same programs that gave me the problems. They can no longer download to my computer and install themselves.
I know a number of people that use the program and they are as happy with it as well.

Now, sadly, I've been informed I'm on over time today. This puts off the computer fixing until tomorrow as I don't know what time I will get off today. At least they were kind enough to give me a lunch break today. :lol:
TWYLYGHT
Regular Member
 
Posts: 35
Joined: June 22nd, 2007, 9:17 am

Post by Navigator » July 18th, 2007, 8:47 pm

TWYLYGHT wrote: Hi,
I'm quite happy with Spyware Terminator and their Crawler Search. It "appears" to be doing as it promises to do. Since running VundoFix Spyware Terminator had blocked and stopped all the same programs that gave me the problems. They can no longer download to my computer and install themselves.
I know a number of people that use the program and they are as happy with it as well.

Now, sadly, I've been informed I'm on over time today. This puts off the computer fixing until tomorrow as I don't know what time I will get off today. At least they were kind enough to give me a lunch break today. :lol:


No problem.

I'll be travelling tomorrow back home from vacation, and I will reply when I am able...no later than the weekend.

Good luck
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Post by TWYLYGHT » July 23rd, 2007, 4:45 pm

LOL Between your vacation and my job we are having a hard time connecting here.
I'm printing out your last instructions now and following through with them.

I'll post up what I'm supposed to and post it when the job is done.............fingers crossed I don't get called into work during this process! :shock:
TWYLYGHT
Regular Member
 
Posts: 35
Joined: June 22nd, 2007, 9:17 am