jahanrajabi
Posts: 6 +0
if someone would check these I'd be eternally grateful
please check my logs I'll be eternally gratelful
- Thread starter jahanrajabi
- Start date
- Status
howard_hopkinso
Posts: 21,238 +17
Hello and welcome to Techspot.
Your system is infected with all kinds of crap. This is probably due to the fact you`re not running any antivirus software and don`t have a firewall.
Go and download the free AVG antivirus programme and the free Zonealarm firewall from HERE and Here.
Now disconnect from the internet. Install Zonealarm, followed by AVG and reboot your computer. Reconnect to the net and run the AVG updates.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Run a full system scan with AVG and delete whatever it finds.
Reboot into normal mode and turn system restore back on.
Then, go HERE and follow the instructions exactly.
Post a fresh HJT log into this thread, only after doing the above.
Regards Howard :wave: :wave:
Your system is infected with all kinds of crap. This is probably due to the fact you`re not running any antivirus software and don`t have a firewall.
Go and download the free AVG antivirus programme and the free Zonealarm firewall from HERE and Here.
Now disconnect from the internet. Install Zonealarm, followed by AVG and reboot your computer. Reconnect to the net and run the AVG updates.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Run a full system scan with AVG and delete whatever it finds.
Reboot into normal mode and turn system restore back on.
Then, go HERE and follow the instructions exactly.
Post a fresh HJT log into this thread, only after doing the above.
Regards Howard :wave: :wave:
jahanrajabi
Posts: 6 +0
new log
this is the new HJT log
this is the new HJT log
howard_hopkinso
Posts: 21,238 +17
jahanrajabi
Posts: 6 +0
new HJT+ewido logs
new HJT+ewido logs
new HJT+ewido logs
jahanrajabi
Posts: 6 +0
new HJT log
new HJT log
new HJT log
howard_hopkinso
Posts: 21,238 +17
That`s better, your HJT log is looking much better. However, we still need to get rid of some nasties.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Go to add remove programme in your control panel and uninstall anything to do with(if there).
ipwins
winupdates
TClock
Viewpoint\Viewpoint Toolbar
Close control panel.
Click start/run and type services.msc into the run box and press the enter key.
When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.
sndraw32
close the services window.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
ipwins.exe
winupdates.exe
sndraw32.exe
tclock_install.exe
PowerReg Scheduler V3.exe
Close task manager.
Run HJT with no other programmes open(except notepad).Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [sndraw32] C:\WINDOWS\system32\sndraw32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\RunServices: [sndraw32] C:\WINDOWS\system32\sndraw32.exe
O4 - HKCU\..\Run: [sndraw32] C:\WINDOWS\system32\sndraw32.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\Program Files\Viewpoint
PowerReg Scheduler V3.exe You will need to search your system for this file and delete all instances of it.
C:\Program Files\TClock
C:\WINDOWS\system32\sndraw32.exe
C:\Program Files\ipwins
C:\Program Files\winupdates
Reboot into normal mode and turn system restore back on.
Post a fresh HJT log.
Regards Howard
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Go to add remove programme in your control panel and uninstall anything to do with(if there).
ipwins
winupdates
TClock
Viewpoint\Viewpoint Toolbar
Close control panel.
Click start/run and type services.msc into the run box and press the enter key.
When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.
sndraw32
close the services window.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
ipwins.exe
winupdates.exe
sndraw32.exe
tclock_install.exe
PowerReg Scheduler V3.exe
Close task manager.
Run HJT with no other programmes open(except notepad).Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [sndraw32] C:\WINDOWS\system32\sndraw32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\RunServices: [sndraw32] C:\WINDOWS\system32\sndraw32.exe
O4 - HKCU\..\Run: [sndraw32] C:\WINDOWS\system32\sndraw32.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\Program Files\Viewpoint
PowerReg Scheduler V3.exe You will need to search your system for this file and delete all instances of it.
C:\Program Files\TClock
C:\WINDOWS\system32\sndraw32.exe
C:\Program Files\ipwins
C:\Program Files\winupdates
Reboot into normal mode and turn system restore back on.
Post a fresh HJT log.
Regards Howard
jahanrajabi
Posts: 6 +0
new logs
new Hjt logs
new Hjt logs
howard_hopkinso
Posts: 21,238 +17
Well done. Your HJT log is now clean.
How`s your system running?
Regards Howard
How`s your system running?
Regards Howard
jahanrajabi
Posts: 6 +0
reply
um pretty good
I'ts alot faster now and firefiox doesn't crash anymore
just when I first log on to windows ewido guard says that it has found something
called Adaware.Virtumonde and asks me if i want to clean or quarrantine or both
I wouldn't care if this only happened once but it happens every time I log in
Its not a big problem but if you have any ideas on what it is
get back to me
thanks alot!
jahan
um pretty good
I'ts alot faster now and firefiox doesn't crash anymore
just when I first log on to windows ewido guard says that it has found something
called Adaware.Virtumonde and asks me if i want to clean or quarrantine or both
I wouldn't care if this only happened once but it happens every time I log in
Its not a big problem but if you have any ideas on what it is
get back to me
thanks alot!
jahan
howard_hopkinso
Posts: 21,238 +17
- Status
