I had tons of adware/trojans/etc...here are my logs.

Status
Not open for further replies.
F

fatcat4009

I started seeing random internet explorer popups and noticed that windows was booting slower and slower. I ran my usual programs (ad-aware and virus scan) It actually found a bunch of stuff. Obviously I removed it immeditaly...but it kept coming back. I tried lots of different scans, etc and things got better, but I couldn't get rid of it completely. Finally I found this forum. I have done everything under "Viruses/Spyware/Malware, preliminary removal instructions." This helped a ton. Attached are my AVG and HJT logs. I want to make sure this stuff is really gone! Any further assistance would be appreciated.

Thanks,

fatcat
 
Hello and welcome to Techspot.

Download Vundofix from HERE.

Double click the Vundofix.exe to run it.

Right click in the vundofix window and click add files.

Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do it`s stuff.

This is the filepath you need to enter into Vundofix.

C:\WINDOWS\system32\ucsrqimi.dll

Then, do the following.

Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {591FBDE9-CBCC-188B-AC6F-07504DE503D4} - C:\WINDOWS\system32\unvsxlf.dll (file missing)

O2 - BHO: (no name) - {D38DCCDA-BEEF-4A38-8F9D-F105591BB52A} - (no file)

O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\ucsrqimi.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O16 - DPF: {2AD5DBAE-2DDB-11D4-A96C-00E09872DF17} (PrintRoomUploader Class) - http://www.printroom.com/_vti_dnl/PrintroomUploaderX3.CAB

O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab

O20 - Winlogon Notify: winzzc32 - winzzc32.dll (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\windows\ALCMTR.EXE

Empty your recycle bin and reboot your system.

Post a fresh HJT log after doing the above.

Regards Howard :wave: :wave:

This thread is for the use of fatcat4009 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Your HJT log is now clean.

Delete all files in the following directory.

C:\Program Files\Yahoo!\YPSR\Quarantine

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have any further virus/spyware problems, please post in this thread.

BTW: You did a fantastic job of following the preliminary instructions thread. very well done.

Regards Howard :)

This thread is for the use of fatcat4009 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Status
Not open for further replies.

Similar threads

Matthew DeCarlo
Weekend tech reading: Self-driving cars are here, a history of integrated circuits, child...
Replies
0
Views
1K
Matthew DeCarlo
The time I had to crack my own Reddit password
Replies
5
Views
2K
dogofwars
dogofwars
D
Solved Some serious adware and possibly worse
Replies
21
Views
13K
Broni
Broni

Latest posts

Back