TechSpot

Every time I open my internet....

By MaximusAmerican
Dec 8, 2007
  1. ....changed.......
     
  2. Daveskater

    Daveskater Banned Posts: 1,687

  3. MaximusAmerican

    MaximusAmerican TS Rookie Topic Starter Posts: 17

    Here ya go...
     
  4. Daveskater

    Daveskater Banned Posts: 1,687

    Cheers, mate, I'll look through that now.

    Could you go to your original post and edit it to take the old log out? We don't need it any more and it makes the page that much longer ;)

    Edit:
    Have HJT fix these entries:

    O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Ernie\Application Data\m\flec006.exe

    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.0/installer.exe

    Now follow these instructions:

    First, open Task Manager by pressing Ctrl + Alt + Del and end this process, if it is there:

    flec006.exe


    Then go to My Computer > C:\Documents and Settings\Ernie\Application Data\m\ and delete this file, if it's there:

    flec006.exe

    You may need to show your hidden files/folders to see the folder Application Data. For instructions, see here


    This thread is for the use of MaximusAmerican only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. MaximusAmerican

    MaximusAmerican TS Rookie Topic Starter Posts: 17

    That fixed it.

    Thanks!
     
  6. Daveskater

    Daveskater Banned Posts: 1,687

    No problem, mate, glad to hear it's sorted :D
     
  7. MaximusAmerican

    MaximusAmerican TS Rookie Topic Starter Posts: 17

    I have Windows XP and tried to do a system restore. But it keeps saying it "cannot be restored". Can you help me?
     
  8. Daveskater

    Daveskater Banned Posts: 1,687

    That seems a bit strange :confused:

    It could be that some malware is in a restore point. Unless you really need to restore your PC, you may need to turn off System Restore then turn it on again to remove all restore points.

    First, though, upload a fresh HJT log and I'll check that over to see if anything has found its way back.
     
  9. MaximusAmerican

    MaximusAmerican TS Rookie Topic Starter Posts: 17

    Here's my latest HJT log (attached)
     
  10. Cinders

    Cinders TechSpot Chancellor Posts: 872   +12

    You are still infected with C:\Documents and Settings\Ernie\Application Data\m\flec006.exe. If you haven't installed Spybot Search & Destroy then do so now and run a scan.
     
  11. MaximusAmerican

    MaximusAmerican TS Rookie Topic Starter Posts: 17

    I ran the Spybot Search & Destroy and that fixed it.

    Now every time I boot up my computer, a window keeps popping up that says "select file to crack"
     
  12. Daveskater

    Daveskater Banned Posts: 1,687

    That's weird, is it a window that lets you select or open a file, or just an "Ok" button message box?
     
  13. MaximusAmerican

    MaximusAmerican TS Rookie Topic Starter Posts: 17

    It's a window that lets you select or open a file
     
  14. Daveskater

    Daveskater Banned Posts: 1,687

    Ok, run an HJT scan and get it to open a log, only this time copy and paste the O4 section into a new reply to this thread.


     
  15. Cinders

    Cinders TechSpot Chancellor Posts: 872   +12

    You are running a program called UnlockerAssistant. Perhaps that is the program that is automatically starting during boot and asking you which file you wish to crack. You should be able to disable UnlockerAssistant in the startup menu with Spybot Search & Destroy. All you have to do is start Spybot, click on Tools and then the System Startup icon. You'll see an entry with UnlockerAssistant in it and you can just remove the checkmark to disable the startup entry.
     
  16. MaximusAmerican

    MaximusAmerican TS Rookie Topic Starter Posts: 17

    I couldn't find "Tools" in Spybot so I uninstalled unlocker.

    Here's the O4 log:

    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Ernie\Application Data\m\flec006.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKUS\S-1-5-18\..\Run: [mule_st_key] C:\Documents and Settings\Ernie\Application Data\m\flec006.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [mule_st_key] C:\Documents and Settings\Ernie\Application Data\m\flec006.exe (User 'Default user')
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
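
The O4 section above can be triaged mechanically. The following is an added example, not part of the original post or of HijackThis: it parses Run-key lines and reports any image path that sits in a user-writable profile folder, together with every hive that launches it. The sample is a constructed subset of the posted log, and the `USER_WRITABLE` markers and function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the O4 lines posted in the thread.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Ernie\Application Data\m\flec006.exe
O4 - HKUS\S-1-5-18\..\Run: [mule_st_key] C:\Documents and Settings\Ernie\Application Data\m\flec006.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [mule_st_key] C:\Documents and Settings\Ernie\Application Data\m\flec006.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
"""

# Registry autorun line: "O4 - <hive>\..\Run: [<value name>] <command>"
RUN_LINE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# Assumed heuristic: per-user, user-writable XP profile folders.
USER_WRITABLE = ("\\application data\\", "\\local settings\\temp\\")

def image_path(cmd):
    """Extract the executable path from an O4 command string."""
    cmd = re.sub(r"\s+\(User '[^']*'\)$", "", cmd)   # drop HJT's user annotation
    if cmd.startswith('"'):
        return cmd[1:].partition('"')[0]             # quoted path, args follow
    m = re.match(r".*?\.exe\b", cmd, re.IGNORECASE)  # unquoted path with spaces
    return m.group(0) if m else cmd

def triage(log_text):
    """Map each flagged image path to the sorted hives that launch it."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue  # Startup-folder shortcuts and blank lines are skipped
        path = image_path(m.group("cmd"))
        if any(marker in path.lower() for marker in USER_WRITABLE):
            hits[path].add(m.group("hive"))
    return {p: sorted(h) for p, h in hits.items()}

if __name__ == "__main__":
    for path, hives in triage(SAMPLE_O4).items():
        print(f"{path}: {len(hives)} autorun entries ({', '.join(hives)})")
```

A path reported under more than one hive means the value has to be removed from each of them, or the file is relaunched at the next logon.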
     
  17. Daveskater

    Daveskater Banned Posts: 1,687

    Edited: just realized you uninstalled UnlockerAssistant ;)

    To get the Tools button in Spybot you have to switch it to advanced mode, I think there's a menu called Mode and the options are standard and advanced.

    Download Autoruns and find "C:\Documents and Settings\Ernie\Application Data\m\flec006.exe" in the Image Path column. Uncheck it then right click and press delete. There may be 3 entries with that Image Path, uncheck and remove all of them.

    Now try this again to make sure this file is gone.

    First, open Task Manager by pressing Ctrl + Alt + Del and end this process, if it is there:

    flec006.exe


    Then go to My Computer > C:\Documents and Settings\Ernie\Application Data\m\ and delete this file, if it's there:

    flec006.exe

    You may need to show your hidden files/folders to see the folder Application Data. For instructions, see here


     
  18. MaximusAmerican

    MaximusAmerican TS Rookie Topic Starter Posts: 17

    I did all you asked me to do but I still have problems. Now I can't even do any Windows update.

    I think I'm sunk.
     
  19. Daveskater

    Daveskater Banned Posts: 1,687

Topic Status:
Not open for further replies.
