My log, please help

Status
Not open for further replies.
Can you please tell me if the following files are ones you have put on your pc yourself or not -

UniKey.exe
PlaxoHelper.exe
Documents and Settings\All Users\Application Data\tool else poke hope\forreadme.exe
C:\Program Files\Semagic\copy.htm

I need to know one way or the other for ALL of them.


This thread is for the use of afterall only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Dear Rik,

I only need to keep Unikey.exe, it's my Vietnamese typing program, the rest I don't need/know what they are.

Thanks a lot.
 
Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

O4 - HKLM\..\Run: [pokehopefindcool] C:\Documents and Settings\All Users\Application Data\tool else poke hope\forreadme.exe
O4 - HKCU\..\Run: [mail bone] C:\DOCUME~1\Default\APPLIC~1\RDRPIN~1\ball settings curb.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{44BDFC4D-A2D3-4D61-906B-61D3FED8990F}: NameServer = 210.245.31.130,210.245.31.10


Click on the fix checked button.

Close HJT.

Then post a fresh HJT log and I will check to see if everything is gone.


 
Hello and welcome to Techspot.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore (XP/ME only). See how HERE.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.


Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there).

ball settings curb.exe
forreadme.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.fpt.vn:80 <-- Fix this if you didn't set this proxy yourself or don't know what it is.

O4 - HKLM\..\Run: [pokehopefindcool] C:\Documents and Settings\All Users\Application Data\tool else poke hope\forreadme.exe

O4 - HKCU\..\Run: [mail bone] C:\DOCUME~1\Default\APPLIC~1\RDRPIN~1\ball settings curb.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{44BDFC4D-A2D3-4D61-906B-61D3FED8990F}: NameServer = 210.245.31.130,210.245.31.10 <-- Only fix this if it doesn't belong to your ISP.

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\DOCUME~1\Default\APPLIC~1\RDRPIN~1\ball settings curb.exe
C:\Documents and Settings\All Users\Application Data\tool else poke hope <-- Delete the entire folder.

Delete all files in AVG Antispyware quarantine.

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Post a fresh HJT log and let us know how your system is running.

Regards Howard :wave: :wave:

 
Hi, here is the log file, I hope I'm clean. I tried to fix O17 - HKLM...NameServer = 210.245.31.130,210.245.31.10 but then I couldn't get connected to the internet so I restored it 'cause I guess it's not a bad file, and I'm able to connect now and so far I haven't seen any pop up...

Thanks a lot for your help :)
 
Your HJT log is now clean.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
Hi, I've this pop up again out of nowhere, I thought I was clean for a while... I don't know why though, didn't install or visit anything unusual... I'm including the log file again... please help

Thanks a lot
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore (XP/ME only). See how HERE.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Go to add remove programmes in your control panel and uninstall anything to do with (if there).

UNIKEY

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there).

ball settings curb.exe
Gpl real.exe
Dale Platform.exe
UniKey.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

O2 - BHO: (no name) - {4EA91AA4-8EB0-AD64-8B9A-3EE6020A7C0E} - C:\DOCUME~1\Default\APPLIC~1\Mealone\Dale Platform.exe

O4 - HKLM\..\Run: [pokehopefindcool] C:\Documents and Settings\All Users\Application Data\tool else poke hope\Gpl real.exe

O4 - HKCU\..\Run: [UniKey] C:\Program Files\UNIKEY\UniKey.exe

O4 - HKCU\..\Run: [mail bone] C:\DOCUME~1\Default\APPLIC~1\RDRPIN~1\ball settings curb.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\DOCUME~1\Default\APPLIC~1\RDRPIN~1 <-- Delete the entire folder.
C:\Program Files\UNIKEY <-- Delete the entire folder.
C:\Documents and Settings\All Users\Application Data\tool else poke hope <-- Delete the entire folder.
C:\DOCUME~1\Default\APPLIC~1\Mealone <-- Delete the entire folder.

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Post a fresh HJT log and let me know how your system is running.

Regards Howard :)
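
Added example, not part of the original posts and not a HijackThis feature: a small triage pass over the entries listed in this thread, picking out autoruns and BHOs that load from Application Data, plus the O17 and R1 entries the helper asks to verify before fixing. The `triage` function and its path heuristic are assumptions of this example; the log lines are copied from the fix lists above.

```python
import re

# Entries copied from the HijackThis fix lists in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.fpt.vn:80
O2 - BHO: (no name) - {4EA91AA4-8EB0-AD64-8B9A-3EE6020A7C0E} - C:\DOCUME~1\Default\APPLIC~1\Mealone\Dale Platform.exe
O4 - HKLM\..\Run: [pokehopefindcool] C:\Documents and Settings\All Users\Application Data\tool else poke hope\forreadme.exe
O4 - HKCU\..\Run: [UniKey] C:\Program Files\UNIKEY\UniKey.exe
O4 - HKCU\..\Run: [mail bone] C:\DOCUME~1\Default\APPLIC~1\RDRPIN~1\ball settings curb.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{44BDFC4D-A2D3-4D61-906B-61D3FED8990F}: NameServer = 210.245.31.130,210.245.31.10
"""

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Long name or 8.3 short name of the user-writable Application Data directory.
APPDATA_RE = re.compile(r"\\(Application Data|APPLIC~\d)\\", re.IGNORECASE)
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")

def triage(log_text):
    """Return (section, note, detail) for each entry that needs a manual check."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O4":
            run = RUN_RE.match(body)
            # Heuristic (assumption): programs rarely autostart from Application Data.
            if run and APPDATA_RE.search(run.group(3)):
                findings.append((section, "autorun from Application Data", run.group(3)))
        elif section == "O2" and APPDATA_RE.search(body):
            path = body.rsplit(" - ", 1)[-1]
            findings.append((section, "BHO loaded from Application Data", path))
        elif section == "O17" and "NameServer" in body:
            # Removing a legitimate ISP resolver breaks connectivity, so verify first.
            servers = body.split("=", 1)[1].strip().split(",")
            findings.append((section, "confirm DNS servers with ISP before fixing", servers))
        elif section == "R1" and "ProxyServer" in body:
            proxy = body.split("=", 1)[1].strip()
            findings.append((section, "confirm the proxy was set by the user", proxy))
    return findings

if __name__ == "__main__":
    for section, note, detail in triage(SAMPLE_LOG):
        print(f"{section}: {note}: {detail}")
```

The UniKey entry under Program Files is not matched by the path heuristic, so a decision on it still rests on what the owner of the machine knows about the program.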

 
If you're absolutely sure it's completely safe, then yes.

Regards Howard :)

 
This is the log after I ran HJT, please check :)

And you're super quick. I wonder how you can manage all the problems? Anyway, thanks so much for doing this
 
Your HJT log is clean.

See how it goes and post back if you have further problems.

Regards Howard :)

 