TechSpot

I had tons of adware/trojans/etc...here are my logs.

By fatcat4009
Feb 19, 2007
Topic Status:
Not open for further replies.
  1. I started seeing random internet explorer popups and noticed that windows was booting slower and slower. I ran my usual programs (ad-aware and virus scan) It actually found a bunch of stuff. Obviously I removed it immeditaly...but it kept coming back. I tried lots of different scans, etc and things got better, but I couldn't get rid of it completely. Finally I found this forum. I have done everything under "Viruses/Spyware/Malware, preliminary removal instructions." This helped a ton. Attached are my AVG and HJT logs. I want to make sure this stuff is really gone! Any further assistance would be appreciated.

    Thanks,

    fatcat
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    Download Vundofix from HERE.

    Double click the Vundofix.exe to run it.

    Right click in the vundofix window and click add files.

    Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do it`s stuff.

    This is the filepath you need to enter into Vundofix.

    C:\WINDOWS\system32\ucsrqimi.dll

    Then, do the following.

    Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

    O2 - BHO: (no name) - {591FBDE9-CBCC-188B-AC6F-07504DE503D4} - C:\WINDOWS\system32\unvsxlf.dll (file missing)

    O2 - BHO: (no name) - {D38DCCDA-BEEF-4A38-8F9D-F105591BB52A} - (no file)

    O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\ucsrqimi.dll

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O16 - DPF: {2AD5DBAE-2DDB-11D4-A96C-00E09872DF17} (PrintRoomUploader Class) - http://www.printroom.com/_vti_dnl/PrintroomUploaderX3.CAB

    O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab

    O20 - Winlogon Notify: winzzc32 - winzzc32.dll (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\windows\ALCMTR.EXE

    Empty your recycle bin and reboot your system.

    Post a fresh HJT log after doing the above.

    Regards Howard :wave: :wave:

    This thread is for the use of fatcat4009 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. fatcat4009

    fatcat4009 TS Rookie Topic Starter

    New HJT Log

    Thanks for the info!! I just completed all the instructions in your previous post. Here is the new HJT log.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Your HJT log is now clean.

    Delete all files in the following directory.

    C:\Program Files\Yahoo!\YPSR\Quarantine

    Turn off system restore.(XP/ME only) See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    If you have any further virus/spyware problems, please post in this thread.

    BTW: You did a fantastic job of following the preliminary instructions thread. very well done.

    Regards Howard :)

    This thread is for the use of fatcat4009 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. fatcat4009

    fatcat4009 TS Rookie Topic Starter

    Thanks for the help!
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.