didom

Members
  • Content Count

    27
  • Joined

  • Last visited

About didom

  • Rank
    Member

Contact Methods

  • Website URL
    http://
  • ICQ
    0

Profile Information

  • Gender
    Male
  1. Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. Step #1 Please run Notepad and copy the following text into a new file: Save the file as recyclerem.bat and make sure the "Save as type" field says "All files". This is how the batch must look afterwards: Double-Click on the file recyclerem.bat, a small DOS type window should open and close immediately. Step #2 We need to make sure all hidden files are showing so please: Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide file extensions for known types option. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. Step #3 Reboot Your System in Safe Mode: Restart the computer. As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears. Use the arrow keys to select the Safe Mode menu item. Press the Enter key. Step #4 Find and delete these files and folders (if they are still there): C:\WINDOWS\SYSTEM32\ncompat.tlb <= this file Reboot your computer normally. Step #5 Run Panda's online virus scan and perform a full system scan: Panda ActiveScan Save the Panda ActiveScan log. Start HijackThis and perform a new scan. Use the Add Reply button to post your new logs back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.
  2. It's safe! You have to make all the hidden files visible because some files may be hidden and then you can't delete them! when you are clean we can hide them again! Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. Step #1 Please run Notepad and copy the following text into a new file: Save the file as recyclerem.bat and make sure the "Save as type" field says "All files". This is how the batch must look afterwards: Double-Click on the file recyclerem.bat, a small DOS type window should open and close immediately. Step #2 We need to make sure all hidden files are showing so please: Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide file extensions for known types option. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. Step #3 Reboot Your System in Safe Mode: Restart the computer. As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears. Use the arrow keys to select the Safe Mode menu item. Press the Enter key. Step #4 Find and delete these files and folders (if they are still there): C:\WINDOWS\SYSTEM32\msvol.tlb <= this file Reboot your computer normally. Step #5 Run Panda's online virus scan and perform a full system scan: Panda ActiveScan Save the Panda ActiveScan log. Start HijackThis and perform a new scan. Use the Add Reply button to post your new logs back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.
  3. Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. Step #1 Scan again with HijackThis and check the following items: O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp2B3B.tmp O18 - Filter: text/html - (no CLSID) - (no file) O18 - Filter: text/plain - (no CLSID) - (no file) After checking these items, close all browser windows except HijackThis and click "Fix checked". Step #2 We need to make sure all hidden files are showing so please: Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide file extensions for known types option. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. Step #3 Reboot Your System in Safe Mode: Restart the computer. As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears. Use the arrow keys to select the Safe Mode menu item. Press the Enter key. Step #4 Find and delete these files and folders (if they are still there): C:\Program Files\Microsoft AntiSpyware\Quarantine\F1235B3D-60B5-40FA-96FC-ADEF23\C87A2E04-AE09-4F3D-A34C-937AC7 <= this folder Reboot your computer normally. Step #5 Run Panda's online virus scan and perform a full system scan: Panda ActiveScan Save the Panda ActiveScan log. Start HijackThis and perform a new scan. Use the Add Reply button to post your new logs back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.
  4. Download smitRem.exe and save the file to your desktop. Double click on the file to extract it to it's own folder on the desktop. Place a shortcut to Panda ActiveScan on your desktop. Please download the trial version of Ewido Security Suite here: http://www.ewido.net/en/download/ Please read Ewido Setup Instructions Install it, and update the definitions to the newest files. Do NOT run a scan yet. If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates: Ad-Aware SE Setup Don't run it yet! We need to make sure all hidden files are showing so please: Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide file extensions for known types option. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. Reboot Your System in Safe Mode: Restart the computer. As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears. Use the arrow keys to select the Safe Mode menu item. Press the Enter key. Scan again with HijackThis and check the following items: O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp9F11.tmp O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing) O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing) O4 - HKLM\..\RunServices: [isass] C:\WINDOWS\system32\Isass.exe O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxuk101AXGB O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) After checking these items, close all browser windows except HijackThis and click "Fix checked". Find and delete these files and folders (if they are still there): C:\Program Files\PartyPoker <= this folder Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish. The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply. Open Ad-aware and do a full scan. Remove all it finds. Run Ewido: Click on scanner Click on Complete System Scan and the scan will begin. You will be prompted to clean the first infection. Select "Perform action on all infections", then proceed. Once the scan has completed, there will be a button located on the bottom of the screen named Save report Click Save report. Save the report .txt file to your desktop or a location where you can find it easily. Close ewido security suite. Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present. Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt (C:\smitfiles.txt) log and the Ewido Log by using Add Reply. Let us know if any problems persist.
  5. Please look here for a solution: http://support.microsoft.com/?kbid=296241
  6. Ok let's try this: Hello, we are going to run System File Checker, to make sure all of your protected files are not corrupt. The scan will automatically replace any corrupt files that it finds. Reboot into Safe Mode! Click Start Select Run At the prompt type sfc /scannow Please note that there is a single space between sfc and /scannow. Typing this will start the program, and a box should appear telling you how much longer the process should take. Sometimes the scan will prompt you for your Windows XP disc upon starting the scan. if this happens please make sure that you can view protected files: My Computer Tools Folder Options View "Uncheck" Hide protected operating system files. Then rerun the scan. If this still asks you to put in your windows XP CD, and you do not have the CD (If you bought it preinstalled) post back for more tips, otherwise enter Windows CD. Once the scan is complete: Check your Windows Updates! After using the File Protection Service, you might need to reapply some updates. Please reboot, and let me know if anything has changed. Also, please rehide the protected files: My Computer Tools Folder Options View "Check" Hide protected operating system files.
  7. Can you see the AWS folder in the Command Prompt?
  8. Thanks everyone! I had a great day!
  9. Can you get into the C:\Program Files\AWS-folder And then try this command: del *.*
  10. Please try this command: del C:\Program Files\AWS\*.*
  11. DELTREE C:\Program Files\AWS That should delete the whole folder ...
  12. Please try this through the command prompt: DELTREE C:\Program Files\AWS
  13. You can download en run this script: http://www.kellys-korner-xp.com/regs_edits...hiddenfiles.vbs To Enable/Disable Show Hidden Files/Folders....
  14. Step #1 Scan again with HijackThis and check the following items: O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com After checking these items, close all browser windows except HijackThis and click "Fix checked". Step #2 We need to make sure all hidden files are showing so please: Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide file extensions for known types option. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. Step #3 Reboot Your System in Safe Mode: Restart the computer. As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears. Use the arrow keys to select the Safe Mode menu item. Press the Enter key. Step #4 Find and delete these files and folders (if they are still there): C:\Program Files\AWS <= this folder Step #5 Restart the computer. As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears. Use the arrow keys to select the (Safe Mode with) Command Prompt menu item. Press the Enter key. Step #6 At the prompt type sfc /scannow Please note that there is a single space between sfc and /scannow. Typing this will start the program, and a box should appear telling you how much longer the process should take. Sometimes the scan will prompt you for your Windows XP disc upon starting the scan. if this happens please make sure that you can view protected files: My Computer Tools Folder Options View "Uncheck" Hide protected operating system files. Then rerun the scan. If this still asks you to put in your windows XP CD, and you do not have the CD (If you bought it preinstalled) post back for more tips, otherwise enter Windows CD. Once the scan is complete: Check your Windows Updates! After using the File Protection Service, you might need to reapply some updates. Please reboot, and let me know if anything has changed. Also, please rehide the protected files: My Computer Tools Folder Options View "Check" Hide protected operating system files.
  15. Scan again with HijackThis and check the following items: O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing) After checking these items, close all browser windows except HijackThis and click "Fix checked". Then reboot your computer and post a fresh HJT log! ----------------------------- Did you installed WeatherBug yourself? Are you able to run your computer in normal mode again?