HJT log attached, have followed instructions

Status
Not open for further replies.
thank you for direction

Thank you! I am working on it now. I appreciate your help.




tomrca said:
Here are some that you can work on until Howard returns, unless you prefer to wait for Howard.
R3 - URLSearchHook: (no name) - {EA8299B4-5D53-06DE-76F7-0D45027820EB} - C:\WINDOWS\System32\afr.dll (file missing)

O2 - BHO: (no name) - {EA8299B4-5D53-06DE-76F7-0D45027820EB} - C:\WINDOWS\System32\afr.dll (file missing)


O4 - HKCU\..\Run: [Eqjnng] C:\Program Files\Common Files\?ecurity\w?wexec.exe

O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe

O21 - SSODL: eupeptic - {8670ee50-01f9-47da-ac1e-cf8549e9e521} - C:\WINDOWS\System32\axlet.dll (file missing)
 
Delete all files in AVG Antispyware quarantine.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Go to Add/Remove Programs in your control panel and uninstall anything to do with (if there):

ipwins

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

ipwins.exe
CC8159BF.exe
w?wexec.exe < The question mark can be any random number/letter etc.

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

R3 - URLSearchHook: (no name) - {EA8299B4-5D53-06DE-76F7-0D45027820EB} - C:\WINDOWS\System32\afr.dll (file missing)

O2 - BHO: (no name) - {EA8299B4-5D53-06DE-76F7-0D45027820EB} - C:\WINDOWS\System32\afr.dll (file missing)

O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe

O4 - HKLM\..\Run: [winconf] C:\WINDOWS\TEMP\CC8159BF.exe

O4 - HKCU\..\Run: [Eqjnng] C:\Program Files\Common Files\?ecurity\w?wexec.exe

O21 - SSODL: eupeptic - {8670ee50-01f9-47da-ac1e-cf8549e9e521} - C:\WINDOWS\System32\axlet.dll (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there):

C:\WINDOWS\System32\axlet.dll
C:\Program Files\ipwins < Delete the entire folder.
C:\Program Files\Common Files\?ecurity < Delete the entire folder.
C:\WINDOWS\TEMP\CC8159BF.exe

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log.

Regards Howard :)

This thread is for the use of Dadof3 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
New virus related problem

I have run the advised path for virus detection and have attached the HijackThis log file for your review. I appreciate your comments once you have reviewed the log file. My son's computer will lock up after a few minutes of running and the computer will automate a timed shut-down if you run for more than a few minutes. You cannot run Ctrl-Alt-Delete and it will also not allow you to close any operations that are described as no longer running.

Help!

Thank you,
Paul.
 
Download Vundofix from HERE.

Double click the Vundofix.exe to run it.

Right click in the vundofix window and click add files.

Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do its stuff.

This is the filepath you need to enter into Vundofix.

C:\WINDOWS\System32\mszsrn32.dll

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.


Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

ibm00001.exe
3611010322569001718.exe
3611010322569003546.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

O4 - HKCU\..\Run: [WinUpgrade] "C:\3611010322569001718.exe "

O4 - HKCU\..\Run: [WinUpdate] "C:\3611010322569003546.exe "

O20 - Winlogon Notify: mszsrn32 - C:\WINDOWS\System32\mszsrn32.dll

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there):

C:\3611010322569003546.exe
C:\3611010322569001718.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log.

Regards Howard :)

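As an added example (not part of the thread and not HijackThis's own logic), the sketch below parses the log-line format quoted in the posts above and attaches triage notes of the kind a helper looks for when reading such a log. The function names and the four heuristics are assumptions chosen for illustration; the sample lines are taken from the posts, plus one constructed benign entry.

```python
import re
from ntpath import basename, dirname, splitext

# "<section> - <kind>: <detail>", e.g. "O4 - HKLM\..\Run: [IpWins] C:\...\ipwins.exe"
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<detail>.+)$")
# First drive-letter path in the detail, up to a closing quote or " (file missing)".
PATH = re.compile(r'[A-Za-z]:\\[^"]*?(?=\s*"|\s*\(file missing\)|\s*$)')

def parse_entry(line):
    """Split one HijackThis log line into section, kind, path and triage notes."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    detail = m["detail"]
    pm = PATH.search(detail)
    path = pm.group(0).strip() if pm else None
    notes = []  # illustrative heuristics only, not a verdict
    if detail.endswith("(file missing)"):
        notes.append("orphaned: target file missing")
    if path:
        stem = splitext(basename(path))[0]
        if "\\temp\\" in path.lower():
            notes.append("runs from a TEMP directory")
        if re.fullmatch(r"[A-Za-z]:\\", dirname(path)):
            notes.append("executable in drive root")
        if re.fullmatch(r"[0-9A-Fa-f]{8,}", stem):
            notes.append("machine-generated file name")
    return {"section": m["section"], "kind": m["kind"], "path": path, "notes": notes}

def triage(log_text):
    """Return only the parsed entries that carry at least one note."""
    entries = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in entries if e and e["notes"]]

# Lines 1-4 are quoted from the posts above; the last line is a constructed
# benign entry (hypothetical program name) to show an entry with no notes.
SAMPLE = r'''R3 - URLSearchHook: (no name) - {EA8299B4-5D53-06DE-76F7-0D45027820EB} - C:\WINDOWS\System32\afr.dll (file missing)
O4 - HKLM\..\Run: [winconf] C:\WINDOWS\TEMP\CC8159BF.exe
O4 - HKCU\..\Run: [WinUpgrade] "C:\3611010322569001718.exe "
O20 - Winlogon Notify: mszsrn32 - C:\WINDOWS\System32\mszsrn32.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe'''

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e["section"], e["path"], "->", "; ".join(e["notes"]))
```

An entry without notes is not thereby clean: the O20 `mszsrn32.dll` line from the thread trips none of these heuristics, which is why such logs are still reviewed by a person.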
 
Sorry, I forgot to add the filepath. Fixed now.

Regards Howard :)

 
Ran Vundofix twice

Thank you very much for your support. The first time we ran Vundofix, it was unable to delete mszsrn32.dll in the system file. It automatically restarted the computer and attempted again. After the 2nd time, it appears to have worked. I deleted the file that you recommended and I have attached a new HJT log file for your review.

I thought that Windows Vista was going to provide a new, higher level of system security? If not, then I won't worry about upgrading at the present time. Any thoughts you may have on Vista are appreciated.

Paul.
 
Your HJT log is now clean.

I've already seen several Windows Vista systems that were infected with malware. That's not to say Vista isn't more secure, but it's certainly not as foolproof as some would have you believe. Add to that the problems that Vista is causing with drivers/software etc., and I'm inclined to advise staying away from Vista until it's been around a couple of years or so. At the very least, I'd wait until Vista Service Pack 1 is released.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 