sari

Members
  • Content Count: 105
Everything posted by sari

  1. damian, Your log is clean now - how are things running? You'll have no sanity left after your twins are born! Congratulations on that! sari
  2. I'm going to ask the author of the program - I haven't seen this before.
  3. Marco, I just re-read my instructions and realized they're outdated. Smitfraudfix is an executable file - you should just be able to double-click on the icon to run it. Then you get a message about joedanger not being involved with the program, and are asked to press any key to continue. Is that what happens? What do you mean by your computer gets blocked? sari
  4. damian, Sorry about that. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. O2 - BHO: (no name) - {2632CB6A-0A81-1938-807B-74129546BC9B} - C:\WINDOWS\System32\ekzwdgor.dll (file missing) O2 - BHO: (no name) - {D5F55E01-73FA-4DED-905A-96C1FCF615A1} - C:\WINDOWS\System32\pjdg.dll (file missing) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O20 - Winlogon Notify: winpez32 - winpez32.dll (file missing) Now close all windows other than HiJackThis, then click Fix Checked. I have 2 teenage girls (and no sanity left). sari
  5. damian, I'm sure there are people that would say I'm no angel! My kids, especially. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. HJT Entries go here Now close all windows other than HiJackThis, then click Fix Checked. Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like
  6. marco, You had a new variant of smitfraud that the tool didn't get. I notified the developer and he updated it last night. I'd like you to delete your current version of smitfraudfix. Please download SmitfraudFix (by S!Ri) to your Desktop. You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site. Next, please reboot your computer in Safe Mode by doing the following: Restart your computer. After hearing your computer beep once during startup, but before the Windows ico
  7. damian, That cleaned up a lot of nasty files. May I please see a new hijackthis log? Thanks, sari
  8. damian, Download ComboFix from Here or Here to your Desktop. Double-click combofix.exe and follow the prompts. When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply. Note: Do not mouseclick combofix's window while it's running. That may cause it to stall. Thanks, sari
  9. damian, Hello, and welcome to Besttechie.net. Your log tells me that Spybot has been trying to delete files on reboot, but either you haven't rebooted or it's not been able to do so. I believe you also have a vundo infection. Please do the following for me: Go to C:\Program Files\Trend Micro\HijackThis\HijackThis.exe, right click on it, and rename it to hjt.exe. Please scan again and post the new hijackthis log for me. Thanks, sari
  10. Marco, Hi, and welcome to Besttechie.net. You have a few problems in your log, so let's get you cleaned up. You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site. Next, please reboot your computer in Safe Mode by doing the following: Restart your computer. After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, a menu with options should appear; Select the first opti
  11. Kohu, Your log is clean now. The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again. Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other ver
  12. happyheart, I'm sorry for the late reply. I've been busy this week. Your log is clean. I'm not sure about the Yahoo issue. I've done some research on that and haven't found anything at all about that issue. Is it still happening? My concern is that Spywarebot deleted some important files, and it may be necessary to repair your Windows installation.
  13. Kohu, The AVG scan seems to have taken care of your problems - there are only a few minor cleanup items in your log now. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode. Please delete these files using Windows Explorer (if present): C:\WINDOWS\ALCXMNTR.EXE After that, Rebo
  14. Ramesh, Hello, and welcome to Besttechie. I'm going to have you run a program called vundofix, which is written specifically to remove vundo. Please download VundoFix.exe to your desktop. Double-click VundoFix.exe to run it. Click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files, click YES. Once you click yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will reboot your computer, click OK. Please post the contents of C:\vundofix.txt and a new HiJ
  15. happyheart, Hello, and welcome to Besttechie. You do indeed still have infections, so I'm going to help you clean up. For the record, Spywarebot is not an application I would recommend - there are better ones out there, and Spywarebot is considered by many to be a rogue application, because it plays on the name of Spybot Search and Destroy. Please go to Uploadmalware to upload a suspicious file for analysis. Enter your username from this forum Copy and paste the link to this thread Browse for this filename: C:\WINDOWS\System32\vssrprxy.exe In the comments, please mention that I asked you
  16. hs_gram, Yes, please - I promise there's nothing malicious here, but because they're executable files, they sometimes get flagged. sari
  17. hs_gram, Hi, and welcome to Besttechie. I'm going to help you clean up your PC. Please download SmitfraudFix (by S!Ri). Extract the content (a folder named SmitfraudFix) to your Desktop. Open the SmitfraudFix folder and double-click smitfraudfix.cmd. Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply. Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system pro
  18. Kohu, Hi, and welcome to Besttechie. You do indeed have a few different infections in your log. Let's get you cleaned up, and then I suggest you ban your brother from your computer. Please download VundoFix.exe to your desktop. Double-click VundoFix.exe to run it. Click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files, click YES. Once you click yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will reboot your computer, click OK. Note: It is p
  19. elearct, I'm sorry - since you had run the program, I assumed you would still have it on your desktop. Please download SmitfraudFix (by S!Ri). Extract the content (a folder named SmitfraudFix) to your Desktop. From that point, you can follow the rest of the directions in my first post. sari
  20. elearct, Hello, and welcome to the Besttechie forums. You are indeed infected, so let's get you cleaned up. You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site. Next, please reboot your computer in Safe Mode by doing the following: Restart your computer. After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, a menu with options should appear; Select the first opti
  21. tman70, You can just delete the programs I had you download. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file) Now close all windows other than HiJackThis, then click Fix Checked. That's just a leftover, but no point in leaving it in there. I'm glad everything is good now - it's not fun thinking your PC is compromised like that. I'm glad I could be of assistance. sari
  22. Happy Birthday, Jeff!
  23. tman, Sure. I want to clear all the network equipment of any existing IP addresses.
  24. tman70, What we're going to do is reset your network information, especially your DNS servers. The following line appears to be redirecting you: O17 - HKLM\System\CCS\Services\Tcpip\..\{144F6782-9984-4E25-9848-BC7F1AA97616}: NameServer = 72.21.36.74 If I look up that address, it appears to go to a company called Layered Tech, in Texas, but it actually resolves to a Brazilian address. This is what I'd like you to do. You may want to print these instructions, as I'm going to have you go offline for part of the fix. Please re-open HiJackThis and scan. Check the boxes next to all the entries l
  25. tman, Several questions for you. 1) Is this computer networked, and do you have a router? 2) Is Comcast your ISP? I have some things for you to try - I'm putting them together in a response right now. However, there is a suspicious IP address that might be the source of your issue. sari