Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

My Hijack File


Post by sidley1301 » November 15th, 2005, 10:13 am

I recently returned to work from vacation and for the last week, I have been receiving and blocking (with System Mechanic 4) almost 1000 popups per day. Also, my IE settings change every morning. I have run Norton Antivirus, Spybot, and Trojan Hunter, which is about the extent of my knowledge. Look forward to hearing from you.


Logfile of HijackThis v1.99.1
Scan saved at 9:55:43 AM, on 11/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\windows\adtech2005.exe
C:\Program Files\PicoZip\PicoZipTray.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iolo\System Mechanic 4 Professional\PopupStopper.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\O9X00MC.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell\RAID Storage Manager\StorServ.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Autodesk Map 2004\acad.exe
C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe /RESTART
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKLM\..\Run: [adtech2005] C:\windows\adtech2005.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [PicoZip] C:\Program Files\PicoZip\PicoZipTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [zukz] C:\PROGRA~1\COMMON~1\zukz\zukzm.exe
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 4 Professional\PopupStopper.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1917D5C6-356D-467D-88FA-14E56FF81601} (FileMgt.FileMgtCtrl) - http://hpcc.projectxnet.com/PW/FileMgt.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://download2.citrix.com/files/en/pr ... wficat.cab
O16 - DPF: {2FE68711-8830-417D-95E0-EAB307DB0447} (mpsPwLc7.PMWebSiteLogin) - http://hpcc.projectxnet.com/PW/mpsPwLc7.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C73239BD-016D-4B02-8A80-C2652884D136}: NameServer = 192.168.1.254
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\WTASERVC.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TGF1cmEgQ3JhaWc\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RAID Storage Manager Agent (RAIDStorAgent) - Dell - C:\Program Files\Dell\RAID Storage Manager\StorServ.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
sidley1301
Regular Member
 
Posts: 28
Joined: November 15th, 2005, 8:32 am
Location: Nevis, West Indies

Post by Surreal2 » November 16th, 2005, 11:31 am

Hi sidley1301 - I'm checking your log now and will post back as soon as possible. Researching the log takes a little time so please be patient.

Cheers...
Surreal2
Regular Member
 
Posts: 207
Joined: September 30th, 2005, 1:24 pm
Location: Peterborough, UK

Post by Surreal2 » November 19th, 2005, 11:00 am

Hi sidley1301

Many apologies for the delay but I've been checking your log with the forum experts and there are indications of quite a few problems. It will take a while to clean your computer and the best way to start is to run some automated tools - so please work carefully through the following steps.

It would be a good idea to print out this post as you will need to disconnect from the Internet and restart your computer.

Before we continue, please ensure the Trojan Hunter Guard is disabled as it might interfere with the fixes. To do this, look for the icon in the lower right corner of your screen (light blue magnifying glass with a red handle). Right-click on it and select 'Settings', then click to UN-check both 'Load at startup' and 'Enabled'.


Step 1 - Download tools
  • Click HERE to download L2mfix to your desktop - DO NOT RUN IT YET
  • Click HERE and click on 'Free trial' to download the trial version of Spy Sweeper
    1. Install it using the Standard Install option. You will be asked to type in your e-mail address - it is safe to do so. If you receive alerts from your firewall, allow all activities for Spy Sweeper
    2. When prompted to check for updated definitions, please do so (this may take several minutes)
    3. When it's finished updating, close the program - DO NOT RUN IT YET
  • Click HERE and use the 'Download now' button at the bottom of the page to download the trial version of Ewido Security Suite
    1. Click or double-click on ewido-setup.exe to install the program - when installing, under 'Additional Options' UN-check 'Install background guard' and UN-check 'Install scan via context menu'
    2. There should be a big 'E' icon on your desktop, click or double-click it to launch the program
    3. Click 'OK' when prompted to update the program
    4. On the left hand side of the main screen click 'Update' and then 'Start'
    5. When the updates have been installed, exit Ewido - DO NOT RUN IT YET

Step 2 - upload suspicious file
  • Click HERE to visit the Jotti site
  • Click 'Browse' and navigate to the following file on your computer
      C:\Program Files\Common Files\zukz\zukzm.exe
  • Then click 'Submit' - and make a note of the result

When you have done that, please restart your computer in Safe Mode (restart your computer and immediately begin repeatedly tapping the 'F8' key on your keyboard until a menu appears, then use the arrow keys to highlight 'Safe Mode' and press the 'Enter' key).

In Safe Mode, go Start --> Control panel --> Folder options and select the View tab. Choose to 'Show hidden files and folders' and UN-check both 'Hide protected operating system files' and 'Hide extensions for known file types'. Then click 'OK' to close the window.

Step 3 - Ewido Security Suite
  • Close all open programs/windows (including Internet Explorer) and start Ewido
    • Click on 'Scanner'…then click 'Settings'
    • Under 'How to scan' make sure all boxes are selected
    • Under 'Possibly unwanted software' make sure all boxes are selected
    • Under 'What to scan' select 'Scan every file'
    • Click 'OK' and then click 'Complete system scan'

      Note - if Ewido finds anything, it will pop up a notification. We have been finding some cases of 'false positives' with the new version of Ewido, so you need to step through the fixes one by one. If Ewido finds something that you KNOW is legitimate or you receive alerts that have the word 'Heuristic' in them and you recognise the file name - or if you are unsure of any entry - then select 'NONE' as the action…DO NOT check 'Perform action with all infections'. If any of the files for which you select 'None' are bad, they will show up in the next HijackThis log.
  • When the scan has finished there will be a button on the bottom of the screen named 'Save report' - click this and save the report to your desktop, then close Ewido

Step 4 - Spy Sweeper
  • Still in Safe Mode and with all other programs/windows closed, start Spy Sweeper
  • Click on 'Options --> Sweep Options' and click to place a check mark against 'Sweep all Folders on Selected drives'
  • Place a check mark against 'Local Disc C'
  • Under 'What to Sweep', place a check mark in every box
  • Now click on 'Sweep' and allow the program to fully scan your system
  • When the scan has finished, click 'Remove', then click 'Select All' and then finally click 'Next' (the program may ask to reboot to complete the cleaning process, in which case please do so, restarting in Normal mode)
  • Then, from 'Results', select the Session Log tab and click 'Save to File' and save the log to your desktop
  • Close Spy Sweeper - if the program did not ask to restart your computer, please restart it now in Normal mode

Step 5 - online scans

We need to run some online scans to seek out and remove some of the malware. These scans will take a while so please be patient.

Kaspersky
  • In Normal mode, start Internet Explorer and click HERE to visit the Kaspersky site
  • Click the Kaspersky Online button - and click 'Yes' when you are prompted to install an ActiveX component from Kaspersky
  • The program will launch and then start to download the latest definition files
  • Once the scanner is installed and the definitions have downloaded, click 'Next' and then click on 'Scan Settings' and ensure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click 'OK'
  • Now under 'Select a target to scan' choose My Computer
  • The scan will take a while so be patient and let it run
  • When the scan is complete it will display if your system has been infected
  • Click on the 'Save as Text' button and save the file to your desktop

Panda ActiveScan
  • Click HERE and when the page opens click 'Free online virus scan' (top right of the page)
  • In the new window that opens click the big 'Check Now' button - you will be asked to enter some details, it is safe to do so - then click the big 'Scan Now' button
  • If it asks to install an ActiveX component allow it to do so
  • It will start downloading the files it requires for the scan (this may take a few minutes)
  • When it's ready, select 'Full scan (Recommended)' and then click 'Next' to start the scan
  • When the scan has finished, if anything malicious was detected, click the 'See Report' button, then click 'Save Report' and save it to your desktop

TrendMicro
  • Click HERE and when the page opens choose your location from the drop-down box and click 'Go'
  • It will take a while to download needed files then a new window will appear
  • Click on 'My Computer' in the box, click to place a check mark in the box next to 'Auto Clean' and then click 'Scan'
  • When it has finished, copy the full names of anything that cannot be cleaned or deleted into a new Notepad file and save it to your desktop

Step 6 - L2mfix
  • Double click the l2mfix.exe on your desktop
  • Click the 'Install' button and follow the prompts, then open the new l2mfix folder created on your desktop
  • Click or double-click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter
  • The program will scan your computer and it may appear nothing is happening, but after a minute or two Notepad will open with a log - copy and paste this into a new reply to this thread topic

    IMPORTANT: If you get an error message when running Option 1 let me know - but do NOT run option 2 OR any other files in the l2mfix folder until you are asked to do so

Now restart your computer in Normal mode once more, run HijackThis and produce a fresh log.

In addition to the new HijackThis log and the L2mfix log, I need:
  • The result of the Jotti file scan
  • Ewido scan log
  • Spy Sweeper scan log
  • Kaspersky scan log
  • Panda scan log
  • Trend scan - names of any files that could not be fixed
You may have to copy these into separate posts


Cheers…
Surreal2
Regular Member
 
Posts: 207
Joined: September 30th, 2005, 1:24 pm
Location: Peterborough, UK
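
Step 2 above names the file by its long path, while the posted log lists its autorun entry with 8.3 short names (C:\PROGRA~1\COMMON~1\...). The following is an added example, not part of the thread or of HijackThis, that finds which O4 Run entries launch a given file. The function names are hypothetical, and the short-name comparison only approximates how Windows derives 8.3 names, since only the filesystem can resolve them authoritatively.

```python
import re

# Five O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [zukz] C:\PROGRA~1\COMMON~1\zukz\zukzm.exe
"""
# The file Step 2 asks the user to upload, written with long names.
STEP2_FILE = r"C:\Program Files\Common Files\zukz\zukzm.exe"

RUN_LINE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run\w*: \[(.*?)\] (.+)$")
SHORT_NAME = re.compile(r"^([^~]{1,6})~\d+(\.[^.]*)?$")


def parse_run_entries(log_text):
    """Return (hive, value name, command line) for every O4 registry Run line."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2), m.group(3)))
    return entries


def image_path(command):
    """Return the executable part of a Run value, without quotes or arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut after the first file extension.
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|dll))(?=\s|,|$)", command, re.I)
    return m.group(1) if m else command


def short_name_matches(short, long_name):
    """Approximate test: could `short` (e.g. PROGRA~1) be the 8.3 alias of `long_name`?"""
    m = SHORT_NAME.match(short.upper())
    if not m:
        return False
    prefix, ext = m.group(1), (m.group(2) or "")
    stem, dot, long_ext = long_name.upper().rpartition(".")
    if not dot:  # no extension, e.g. a directory such as "Program Files"
        stem, long_ext = long_name.upper(), ""
    stem = re.sub(r"[ .]", "", stem)  # spaces and inner dots are dropped in 8.3 names
    return stem.startswith(prefix) and ext == ("." + long_ext[:3] if long_ext else "")


def same_file(path_a, path_b):
    """Compare two Windows paths component by component, ignoring case."""
    parts_a = path_a.replace("/", "\\").split("\\")
    parts_b = path_b.replace("/", "\\").split("\\")
    if len(parts_a) != len(parts_b):
        return False
    return all(
        a.upper() == b.upper() or short_name_matches(a, b) or short_name_matches(b, a)
        for a, b in zip(parts_a, parts_b)
    )


def autoruns_launching(log_text, file_path):
    """List (hive, value name) of the Run entries whose executable is file_path."""
    return [
        (hive, name)
        for hive, name, command in parse_run_entries(log_text)
        if same_file(image_path(command), file_path)
    ]


if __name__ == "__main__":
    for hive, name in autoruns_launching(SAMPLE_LOG, STEP2_FILE):
        print(f"{STEP2_FILE} is started by {hive} Run value [{name}]")
```

A match from the short-name comparison is a candidate, not proof; confirm it against the real directory listing on the machine before acting on the entry.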

Please archive

Post by sidley1301 » November 29th, 2005, 9:53 am

To the Admin Staff-

Since I have now enrolled in the school, I will be attempting to fix my computer as I progress through the lessons. So please archive this thread so that it does not remain open and unfinished.

Thank you

Sidley1301
sidley1301
Regular Member
 
Posts: 28
Joined: November 15th, 2005, 8:32 am
Location: Nevis, West Indies

Post by NonSuch » November 29th, 2005, 4:27 pm

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California