deltalima

Hi Wainwright, Remove old Java Click Start, point to Settings, and then click Control Panel. In Control Panel, double-click Add or Remove Programs. In Add or Remove Programs, highlight J2SE Runtime Environment 5.0 Update 11 highlight J2SE Runtime Environment 5.0 Update 4 highlight J2SE Runtime Environment 5.0 Update 6 click Remove. Close the Add or Remove Programs and the Control Panel windows. You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions. All versions numbered lower than 9.2 are vulnerable. Go HERE and click on AdbeRdr920_en_US.exe to download the latest version of Adobe Acrobat Reader. Save this file to your desktop and run it to install the latest version of Adobe Reader. Run Combofix Temporarily disable any antispyware, antivirus and or antimalware real-time protection as they may interfere with running of ComboFix. Close all programs. Double click combofix.exe and follow the prompts. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your

Hi big_red01027, ComboFix - CFScript This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again! You will not have Internet access when you execute ComboFix. All open windows will need to be closed! Please open Notepad and copy/paste all the text below... into the window: Registry:: [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\BitTorrent\\bittorrent.exe"=- FILE:: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5NetInstaller.exe C:\WINDOWS\Downloaded Program Files\UWFX5NetInstaller.exe Save it to your desktop as CFScript.txt Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows. *Only* when the 2 items above (Step 3) have been taken care of... Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below: This will cause ComboFix to run again. Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash. Do Not touch your computer when ComboFix is running! When finished ComboFix will create a log file... you can save this file to a convenient place. Please copy/paste the ComboFix log file in your next reply. ** Enable your Antivirus and Firewall, before connecting to the Internet again! **

Hi Wainwright, As long as the file names are changing the the scan is still running. Please let it continue and then post back the results.

Hi Wainwright, Please re-open HijackThis and select Scan. Check the boxes next to all the entries listed below (if present): R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: (no name) - {2d50b324-cd35-4caa-8706-fad064565c97} - kuzapiso.dll (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) Now close all other open windows and then click on Fix Checked. Close HijackThis. [*] Click Start, point to Settings, and then click Control Panel. [*] In Control Panel, double-click Add or Remove Programs. [*] In Add or Remove Programs, highlight Java

Hi big_red01027, I see signs of Norton Antivirus and Firewall having been installed on this machine but not installed now. If Norton has been uninstalled then follow these instructions. Norton Removal Tools There are remnants of Norton Security products on your computer. Symantec did not remove everything as it should. This is a common problem. Please go to Norton Removal Tools Select the removal tool that corresponds to your installed Norton Product... Save it to your desktop. Click the Norton Removal Tool, on your desktop, to begin the removal process. If using Vista, you must right click on the tool and choose "Run As Administrator". Follow the prompts and instructions. Please re-open HijackThis and select Scan. Check the boxes next to all the entries listed below (if present): O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file) Now close all other open windows and then click on Fix Checked. Close HijackThis. Next Click Start, point to Settings, and then click Control Panel. In Control Panel, double-click Add or Remove Programs. In Add or Remove Programs, highlight Kazaa Lite K++ v2.4.1 , highlight Registry Defender , click Remove. Close the Add or Remove Programs and the Control Panel windows. Now you need to show all files and folders Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck Hide file extensions for known file types* Uncheck the Hide protected operating system files (recommended) option. Click Apply to confirm. Click OK Using Windows Explorer (to get there right-click your Start button and go to Explore), please delete these folders (if present): c:\windows\system32\cache32dsrf4535dfs c:\program files\Personal Guard 2009(2) c:\documents and settings\Jesse Morales\Application Data\BitTorrent c:\program files\Messenger Plus! 3 Using Windows Explorer (to get there right-click your Start button and go to Explore), please delete these files (if present): c:\windows\system32\drivers\kgpfr2.cfg c:\windows\isRS-000.tmp Please go to Kaspersky website and perform an online antivirus scan. Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When the downloads have finished, click on Settings. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs Archives [*]Click on My Computer under Scan. [*]Once the scan is complete, it will display the results. Click on View Scan Report. [*]You will see a list of infected items there. Click on Save Report As.... [*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. [*]Please post this log in your next reply along with a fresh HijackThis log.

Hi big_red01027, How to use combofix: Temporarily disable any antispyware, antivirus and or antimalware real-time protection as they may interfere with running of ComboFix. Download ComboFix from here to your Desktop. For more information about Combofix please see here Close all programs. Double click combofix.exe and follow the prompts. If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it

Hi Wainwright, How to use combofix: Temporarily disable any antispyware, antivirus and or antimalware real-time protection as they may interfere with running of ComboFix. Download ComboFix from here to your Desktop. Close all programs. Double click combofix.exe and follow the prompts. If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it

Hi Wainwright, Welcome to the forum. My nickname is deltalima and I will be helping you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. Please note the following: I will working be on your Malware issues, this may or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine. Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear. If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one. It's often worth reading through these instructions and printing them for ease of reference. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry. Please reply to this thread. Do not start a new topic. All of my posts need to be checked by a teacher, so please be patient while I attempt to remove your malware. Uninstall List Open HijackThis. Look under System tools. Click on the Open Uninstall Manager... button. Click on the Save list... button. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt. Notepad will open. Please copy and paste the contents of this log in your next reply.

Hi big_red01027, Welcome to the forum. My nickname is deltalima and I will be helping you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. Please note the following: I will working be on your Malware issues, this may or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine. Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear. If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one. It's often worth reading through these instructions and printing them for ease of reference. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry. Please reply to this thread. Do not start a new topic. All of my posts need to be checked by a teacher, so please be patient while I attempt to remove your malware. Uninstall List Open HijackThis. Look under System tools. Click on the Open Uninstall Manager... button. Click on the Save list... button. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt. Notepad will open. Please copy and paste the contents of this log in your next reply.

Hi Aiharauko, Please ensure that SUPERAntiSpyware, AVG and Malwarebytes have all been enabled for real time protection. Now that you are clean, please follow these simple steps in order to keep your computer clean and secure: Now lets uninstall ComboFix: Click START then RUN Now type Combofix /u in the runbox and click OK Disable and Enable System Restore. - If you are using Windows XP or Vista then you should disable and re-enable system restore to make sure there are no infected files found in a restore point. You can find instructions on how to enable and re-enable system restore here: Windows XP System Restore Guide Re-enable system restore with instructions from tutorial above Update your AntiVirus Software and keep your other programs up-to-date Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc. Secunia Software Inspector F-secure Health Check Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates. Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here: Using SpywareBlaster to protect your computer from Spyware and Malware Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically. Happy surfing and stay clean!

Hi Aiharauko, Using Windows Explorer (to get there right-click your Start button and go to Explore), please delete this file (if present): C:\WINDOWS\system32\xjkdmvr.dll.bak Replace the Current HOSTS File with MVPs Download HostsXpert and unzip it to your computer, somewhere where you can find it. Double click on HostsXpert.exe to launch the program. In the bottom half of the left pane, click on File Handling If the first button at the top is labeled Make Writeable?, click on it so the label changes to Make Read Only Click third button from the bottom, labeled Download. A couple new buttons will appear at the top. Click on the top button labeled MVPs Hosts and choose Replace When asked to verify if you want to Replace present Hosts file, click OK. When it finishes , click on File Handling again. Click the button at the top labeled Make Read Only, so the label changes to Make Writeable? Hit the X in the upper right corner to exit HostsXpert If you have a separate third party firewall, or Winpatrol, you may have to give permissions at various times to Unlock the present default HOSTS file and install the new one. Now please run a new Malwarebytes' Anti-Malware scan and post the log here along with a new HijackThis scan. Please also give an update as to how the PC is running now.

Hi Aiharauko, Disable SUPERAntiSpyware Programs like SUPERAntiSpyware, may interfere with the fix, so we need to temporarily disable it. Right-click on the SUPERAntiSpyware icon, in the system tray. Choose View Control Center... "Preferences/options" button/tab. On the General and Startup...tab, uncheck, "Start SUPERAntiSpyware when Windows starts" click Close to exit. Don't forget to enable your SUPERAntiSpyware protection, when your computer is clean. Disable AVG8 Open AVG8 Control Center, by right clicking on AVG8 icon on task bar. Click on Tools. Select Advanced. In the left hand pane, scroll down to Resident Shield. In the main pane, deselect the option to Enable Resident Shield. Note: Don't forget to re-enable it after the fix. Disable Malwarebytes Anti-Malware Right click on the Malwarebytes icon in the tool tray and select exit Download ComboFix from here to your Desktop. Close all programs. Next go Start/Run and copy paste the text below and click ok. "%userprofile%\desktop\combofix.exe" /v xjkdmvr If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it

Hi Aiharauko, Welcome to the Malwarebytes forums. My nickname is deltalima and I will be helping you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. Please note the following: I will working be on your Malware issues, this may or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine. Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear. If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one. It's often worth reading through these instructions and printing them for ease of reference. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry. Please reply to this thread. Do not start a new topic. All of my posts need to be checked by a teacher, so please be patient while I attempt to remove your malware. LIST OF PROGRAMS USING HIJACKTHIS Open HijackThis. Look under System tools. Click on the Open Uninstall Manager... button. Click on the Save list... button. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt. Notepad will open. Please copy and paste the contents of this log in your next reply. See in this link details. http://img.bleepingcomputer.com/tutorials/...install-man.jpg