sari

Members
  • Content Count: 105

Everything posted by sari

  1. romeo, I need to have you run fixwareout again - I missed removing a line with hijackthis, and I want to make sure it's completely removed. I apologize for that. You may want to print out these instructions for reference, since you will have to restart your computer during the fix. Please download FixWareout from one of these sites: http://downloads.subratam.org/Fixwareout.exe http://swandog46.geekstogo.com/Fixwareout.exe Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be
  2. sari

    Hjt Log

    Stephen, This is a pretty messy log, so it will take multiple steps to clean you up. It's important that you follow all the directions carefully and stay with me until you're clean. You may want to print these directions for reference. Please download Qoofix by Rubber Ducky to your desktop. Right click on the Qoofix folder, and choose "Extract All". Extract Qoofix to your C: drive Close all windows and programs, including internet windows. Go to C:\Qoofix and open the folder, then double click on Qoofix.exe Click Begin Removal and wait for the scan to finish If Qoofix finds an infection
  3. sari

    Hjt Log

    Stephen, I'm currently reviewing your hijackthis log and will be posting a response shortly. sari
  4. Thanks, everyone. My day was made better by the best wishes of all my friends online. sari
  5. Hi romeo, Welcome to Besttechie. You have a few problems there, so let's get started cleaning you up. There will be several steps involved in the cleanup, so please stay with me to the end. You may want to print out these instructions for reference, since you will have to restart your computer during the fix. Please download FixWareout from one of these sites: http://downloads.subratam.org/Fixwareout.exe http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish. The fix will begin
  6. qwertyuiop, While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things. Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

      • Open Spybot Search & Destroy.
      • In the Mode menu click "Advanced mode" if not already selected.
      • Choose "Yes" at the Warning prompt.
      • Expand the "Tools" menu.
      • Click "Resident".
      • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
      • In the File menu click "Exit" to exit Spybot Search &
  7. qwertyuiop, Due to the length of your bitdefender log, your hijackthis log got cut off. Could you please post a full log for me? Thanks! sari
  8. qwertyuiop, That happens sometimes. Try this: BitDefender. Please post the results of the scan in your next reply. sari
  9. qwertyuiop, I'm sorry you had trouble with that, but the good news is that it worked. Let's move on to the next step, as you still have quite a few things that you don't want on there. I'd like you to do an online virus scan next. Please go HERE to run Panda's ActiveScan Once you are on the Panda site click the Scan your PC button A new window will open...click the Check Now button Enter your Country Enter your State/Province Enter your e-mail address and click send If it wants to install an ActiveX component allow it Select either Home User or Company Click the big Scan Now button It will s
  10. qwertyuiop, You do have a few issues in this log! We're going to start by getting rid of something called pokapoka. Please download LQfix.exe from one of the following locations: http://www.downloads.subratam.org/LQfix.exe http://miekiemoes.geekstogo.com/tools/LQfix.exe Save it to your desktop. Double-Click LQfix.exe and click Next > Next > Install. Leave the default settings, if you change them, the fix will Fail! You need an active Internet Connection, so make sure you're not blocking any connection now. Now make sure the "Launch LQfix" box is checked. Click the Finish button, aft
  11. jeebusllama, Please download the Killbox by Option^Explicit. Note: In the event you already have Killbox, this is a new version that I need you to download. Save it to your desktop. Please double-click Killbox.exe to run it. Select: Delete on Reboot then Click on the All Files button. Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy): C:\DOCUMENTS AND SETTINGS\Eddie\LOCAL SETTINGS\Temp\bwgo0000a8c3.exe C:\WINDOWS\SYSTEM32\ot.ico C:\WINDOWS\SYSTEM32\shellexp.exe C:\WINDOWS\videoc.ocx
  12. Jeebusllama, Hi, and welcome to Besttechie. I will be helping you with your log. I see that you are running HijackThis from a temporary directory; please create a new folder for it (for example C:\Program Files\Hijackthis\Hijackthis.exe) and move the program into it. It is very important you do this, as Hijackthis creates backups that you don't want deleted! Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll O3 - Toolbar:
  13. marinerschas2, I wanted you to run an online virus scan because you did have multiple unknown or definite virus files. Could you try one of these instead? Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesn't work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply) +++++ If you are unable to run the ActiveX Antivirus Scanners, let's try this Java based solution from Trend Micro. Thanks, sari
  14. marinerschas2, Do you know what this entry is? O4 - HKLM\..\Run: [filit] C:\Documents and Settings\Chas\Desktop\foobar.exe Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000080.exe Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode. Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will
  15. marinerschas2, Umm, could you tell me what you did exactly? And did you disable startup programs in msconfig? If so, I need you to re-enable everything so I can see what's there, to verify there's nothing bad starting up. We don't really recommend that users delete items from hijackthis on their own, nor hide items in msconfig, as it makes it more difficult for us. Thanks, sari
  16. marinerschas2, I'm not sure what you did either, but let's get you cleaned up! First, Download LSPFix.exe to a convenient location. Do NOT run this program. This is only to be used if you lose Internet Access after removing NewDotNet. To Get rid of NewDotNet, go to: Start > Control Panel > Add or Remove Programs and remove the following: New.Net Applications or New.Net Domains (anything that says New.Net) If it is not there, go here and follow Procedure 4: NewDotNet Removal Procedure 4. In the event that you lose Internet access after removing New.Net, please double-click LSPFix.exe th
  17. Yeah, and it wasn't pretty. Mandy had to wash his pants and the floor of #besttechie!
  18. A belated happy birthday, Gwyrox732! Sari
  19. With the correct version of hijackthis.... Logfile of HijackThis v1.98.2 Scan saved at 3:18:46 PM, on 10/7/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Nhksrv.exe C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe C:\WINDOWS\system32\drivers\dcfssvc.exe C:\Program Files\NavNT\defwatch.exe
  20. Thanks, rock Did that - this is the log from my daughter's user id, then I'll post the one from mine if it looks different. Logfile of HijackThis v1.98.1 Scan saved at 2:39:48 PM, on 10/7/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Nhksrv.exe C:\Program Files\Dell\OpenManage\Client\ActionAge
  21. I think I've cleaned this up, but doublecheck for me please Sari Logfile of HijackThis v1.98.1 Scan saved at 1:36:47 PM, on 10/7/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Nhksrv.exe C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe C:\WINDOWS\system32\drivers\dcfssvc.exe C:\Program F