• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
maiki

about:blank

10 posts in this topic

:techsupport: need help pls. startpage allways turns intp about:blank; tried adaware, spybot and fireflys link in cole´s topic without helping it.

 

my problem links to:

normal window: (search for..- Microsoft Internet Explorer), adress: about:blank

pop up window: adware,spyware

 

tyvm for helping

many greetings from austria

michael

 

Logfile of HijackThis v1.97.7

Scan saved at 14:19:12, on 25.06.2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe

C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\DVDRAMSV.exe

C:\WINDOWS\System32\GEARSEC.EXE

C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe

C:\Programme\Norton AntiVirus\navapsvc.exe

C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Programme\Norton AntiVirus\SAVScan.exe

C:\Programme\iTunes\iTunesHelper.exe

C:\Programme\QuickTime\qttask.exe

C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe

C:\Programme\iPod\bin\iPodService.exe

C:\PROGRA~2\B'SCLI~1\Win2K\BSCLIP.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Programme\Messenger\msmsgs.exe

C:\Programme\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe

C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\WINDOWS\system32\RAMASST.exe

C:\WINDOWS\System32\devldr32.exe

C:\Programme\Microsoft Office\Office10\msoffice.exe

C:\Programme\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOKUME~1\maiki\LOKALE~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOKUME~1\maiki\LOKALE~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.utanet.at

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOKUME~1\maiki\LOKALE~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOKUME~1\maiki\LOKALE~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOKUME~1\maiki\LOKALE~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.utanet.at

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOKUME~1\maiki\LOKALE~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Programme\Kontiki\bin\bh309190.dll (file missing)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {CE606CB8-0D4E-4C27-BE9F-B9AE1E57234A} - C:\WINDOWS\System32\mdpncb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Programme\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [b'sCLiP] C:\PROGRA~2\B'SCLI~1\Win2K\BSCLIP.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [PowerBar] "C:\Programme\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O14 - IERESET.INF: START_PAGE_URL=http://www.utanet.at

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/221d80bd76053c4a5106/...ip/RdxIE601.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7913.5264699074

O16 - DPF: {B2C5C996-F1B2-4373-9823-74D9072615E6} (Privat-X Client) - http://download.privat-x.com/px_client.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4D2B6B2B-CB40-47E2-ADDA-E54FC76C6696}: NameServer = 195.96.0.4 195.70.224.45

Share this post


Link to post
Share on other sites

Download and install : "FINDnFIX.exe" from any of

the links in my signature.

 

Run the "!LOG!.bat" file, post the results....

Share this post


Link to post
Share on other sites
mdpncb.dll - thats the promblem.

 

open it in notepad and search for count.cc to check -> if result found

Won't work, save your efforts! ;)

 

The 'visible' BHO is not the Wide-system hook hijacker, but another file...

 

http://www.spywareinfoforum.com/index.php?showtopic=9653&hl=

http://www.spywareinfoforum.com/index.php?showtopic=9002&hl=

 

Different procedure each time .........

Share this post


Link to post
Share on other sites

:wave:

 

ty for helping me

 

here are the results

 

 

 

Microsoft Windows XP [Version 5.1.2600]

Der Typ des Dateisystems ist NTFS.

C: ist nicht fehlerhaft.

 

25.06.2004

3:03pm up 0 days, 1:09

╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗***Attention!***╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗

Files listed in this section (in System32) are not always definitive!

Always Double Check and be sure the file pointed doesn't exist!

 

╗╗Locked or 'Suspect' file(s) found...

 

 

C:\WINDOWS\System32\MSL.DLL +++ File read error

\\?\C:\WINDOWS\System32\MSL.DLL +++ File read error

╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗

╗╗╗Special 'locked' files scan in 'System32'........

**File C:\FINDnFIX\LIST.TXT

MSL.DLL Can't Open!

 

****Filtering files in System32... (-h -s -r...) ***

╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗

 

C:\WINDOWS\SYSTEM32\

msl.dll Thu 24 Jun 2004 10:00:48 A...R 57.344 56,00 K

 

1 item found: 1 file, 0 directories.

Total of file sizes: 57.344 bytes 56,00 K

 

No matches found.

 

Sniffing..........

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

 

Sniffed -> C:\WINDOWS\SYSTEM32\MSL.DLL

╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗

 

╗╗Size of Windows key:

(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

 

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 448

 

╗╗Security settings for 'Windows' key:

 

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

(ID-NI) ALLOW Read VORDEFINIERT\Benutzer

(ID-IO) ALLOW Read VORDEFINIERT\Benutzer

(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren

(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren

(ID-NI) ALLOW Full access NT-AUTORITÄT\SYSTEM

(ID-IO) ALLOW Full access NT-AUTORITÄT\SYSTEM

(ID-IO) ALLOW Full access ERSTELLER-BESITZER

 

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

Read VORDEFINIERT\Benutzer

Full access VORDEFINIERT\Administratoren

Full access NT-AUTORITÄT\SYSTEM

 

 

╗╗Member of...: (Admin logon required!)

User is a member of group WEST\Kein.

User is a member of group \Jeder.

User is a member of group VORDEFINIERT\Administratoren.

User is a member of group VORDEFINIERT\Benutzer.

User is a member of group \LOKAL.

User is a member of group NT-AUTORIT─T\INTERAKTIV.

User is a member of group NT-AUTORIT─T\Authentifizierte Benutzer.

 

╗╗Dir 'junkxxx' was created with the following permissions...

(FAT32=NA)

Directory "C:\junkxxx"

Permissions:

Type Flags Inh. Mask Gen. Std. File Group or User

======= ======== ==== ======== ==== ==== ==== ================

Allow 00000003 tco- 001F01FF ---- DSPO rw+x VORDEFINIERT\Administratoren

Allow 00000003 tco- 001F01FF ---- DSPO rw+x NT-AUTORIT─T\SYSTEM

Allow 00000000 t--- 001F01FF ---- DSPO rw+x WEST\maiki

Allow 0000000B -co- 10000000 ---A ---- ---- \ERSTELLER-BESITZER

Allow 00000003 tco- 001200A9 ---- -S-- r--x VORDEFINIERT\Benutzer

Allow 00000002 tc-- 00000004 ---- ---- --+- VORDEFINIERT\Benutzer

Allow 00000002 tc-- 00000002 ---- ---- -w-- VORDEFINIERT\Benutzer

 

Owner: WEST\maiki

 

Primary Group: WEST\Kein

 

 

 

╗╗╗╗╗╗Backups created...╗╗╗╗╗╗

3:04pm up 0 days, 1:09

25.06.2004

 

A C:\FINDnFIX\winBack.hiv

--a-- - - - - - 8,192 06-25-2004 winback.hiv

A C:\FINDnFIX\keys1\winkey.reg

--a-- - - - - - 287 06-25-2004 winkey.reg

 

╗╗Performing 16bit string scan....

 

---------- WIN.TXT

f¨AppInit_DLLsÍìµG

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

 

Windows

Hijacked

AppInit

UDeviceNotSelectedTimeout

zGDIProcessHandleQuota"

Spooler2

=pswapdisk

TransmissionRetryTimeout

VUSERProcessHandleQuota

 

**File C:\FINDnFIX\WIN.TXT

regf

Share this post


Link to post
Share on other sites

Well done! :D

Your bad file is positively identified on all counts!

This will take couple or more steps to fix.

Be sure to Follow the next set of steps carefully, in

the exact order specified:

 

 

-Open the FINDnFIX\Keys1 Subfolder!

- Locate the "MOVEit.bat" file,Right-Click on it,select->edit:

The file will open as empty text file.

-Copy and paste the entire hilited line in the following quote box

(all one line) into that blank 'MOVEit' file:

move %WinDir%\System32\MSL.DLL %SystemDrive%\junkxxx\MSL.DLL

 

-Save the file and close.

 

*Get ready to restart your computer:

-In the same folder, DoubleClick on the "FIX.bat" file.

You will be prompted by popup -Alert to restart in 15 seconds.

-Allow it to restart the computer!

 

-On restart, Navigate to:

C:\FINDnFIX\ main folder:

-DoubleClick on the "RESTORE.bat" file.

 

It'll run and produce new log. (log1.txt) post it here!

=====================================

*Note:

Some users are not able to edit the "MOVEit.bat" file .

'Only'-- If you get any error message (as file not found,etc)

Stop there and Use these alternate steps , instead:

 

-Proceed to run the FINDnFIX\Keys1\"FIX.bat" file

and allow the prompt to restart your computer.

 

-On restart, manually navigate to System32 folder,

locate the "MSL.DLL"

file (as it will be 'visible',) and use the folder's top menu:

edit>move to folder...

Select the "MSL.DLL" and move it to the

C:\junkxxx folder that was created.

Follow up by running the C:\FINDnFIX\"RESTORE.bat"<- file.

 

You only need to follow one step or another. not both.

 

However, upon completion of either step, post the output! (log1.txt)

Share this post


Link to post
Share on other sites

:wtf:

 

it seems that i am too dump for this ...

 

when i right-click the movit.bat icon it says "cant find movit.bat ...."

 

can u help me with this ?

Share this post


Link to post
Share on other sites
=====================================

*Note:

Some users are not able to edit the "MOVEit.bat" file .

'Only'-- If you get any error message (as file not found,etc)

Stop there and Use these alternate steps , instead:

 

-Proceed to run the FINDnFIX\Keys1\"FIX.bat"<- file

and allow the prompt to restart your computer.

 

-On restart, manually navigate to System32 folder,

locate the "MSL.DLL"

file (as it will be 'visible',) and use the folder's top menu:

edit>move to folder...

Select the "MSL.DLL" and move it to the

C:\junkxxx folder that was created.

Follow up by running the C:\FINDnFIX\"RESTORE.bat"<- file.

 

 

..................post the output! (log1.txt)

Already replied! :D

Follow steps above, , instead.

Share this post


Link to post
Share on other sites

i missed that one, ... sorry. :whistle:

 

heres the log:

 

 

25.06.2004

3:57pm up 0 days, 0:08

 

Microsoft Windows XP [Version 5.1.2600]

Der Typ des Dateisystems ist NTFS.

C: ist nicht fehlerhaft.

 

*Locked files...

* result\\?\C:\junkxxx\MSL.DLL

 

»»»Filtering files in System32.......( 'R;H;S') »»»

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

 

No matches found.

 

No matches found.

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

 

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

 

C:\JUNKXXX\

msl.dll Thu 24 Jun 2004 10:00:48 A...R 57.344 56,00 K

 

1 item found: 1 file, 0 directories.

Total of file sizes: 57.344 bytes 56,00 K

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

 

Sniffed -> C:\JUNKXXX\MSL.DLL

 

 

Search text: ÝSTREAMINGDEVICESETUP2Þ ®CASE Insensitive Match

Searching ==>C:\JUNKXXX\MSL.DLL

Run Time(sec) 0

**File C:\JUNKXXX\MSL.DLL

0000DEBE: 67 44 65 76 69 63 65 00 . 00 53 74 72 65 61 6D 69 gDevice. .Streami

0000DED3: 63 65 53 65 74 75 70 00 . 32 00 00 00 00 00 E0 01 ceSetup. 2.....à.

 

 

 

-ra-- W32i - - - - 57,344 06-24-2004 msl.dll

A R C:\junkxxx\msl.dll

File: <C:\junkxxx\msl.dll>

CRC-32 : D5C9FB2E

MD5 : C185B36F 9969D3A6 D2122BA7 CBC02249

 

 

»»Permissions:

C:\junkxxx\msl.dll VORDEFINIERT\Administratoren:F

NT-AUTORITŽT\SYSTEM:F

WEST\maiki:F

VORDEFINIERT\Benutzer:R

 

Directory "C:\junkxxx\."

Permissions:

Type Flags Inh. Mask Gen. Std. File Group or User

======= ======== ==== ======== ==== ==== ==== ================

Allow 00000003 tco- 001F01FF ---- DSPO rw+x VORDEFINIERT\Administratoren

Allow 00000003 tco- 001F01FF ---- DSPO rw+x NT-AUTORITÄT\SYSTEM

Allow 00000000 t--- 001F01FF ---- DSPO rw+x WEST\maiki

Allow 0000000B -co- 10000000 ---A ---- ---- \ERSTELLER-BESITZER

Allow 00000003 tco- 001200A9 ---- -S-- r--x VORDEFINIERT\Benutzer

Allow 00000002 tc-- 00000004 ---- ---- --+- VORDEFINIERT\Benutzer

Allow 00000002 tc-- 00000002 ---- ---- -w-- VORDEFINIERT\Benutzer

 

Owner: WEST\maiki

 

Primary Group: WEST\Kein

 

Directory "C:\junkxxx\.."

Permissions:

Type Flags Inh. Mask Gen. Std. File Group or User

======= ======== ==== ======== ==== ==== ==== ================

Allow 00000003 tco- 001F01FF ---- DSPO rw+x VORDEFINIERT\Administratoren

Allow 00000003 tco- 001F01FF ---- DSPO rw+x NT-AUTORITÄT\SYSTEM

Allow 0000000B -co- 10000000 ---A ---- ---- \ERSTELLER-BESITZER

Allow 00000003 tco- 001200A9 ---- -S-- r--x VORDEFINIERT\Benutzer

Allow 00000002 tc-- 00000004 ---- ---- --+- VORDEFINIERT\Benutzer

Allow 0000000A -c-- 00000002 ---- ---- -w-- VORDEFINIERT\Benutzer

Allow 00000000 t--- 001200A9 ---- -S-- r--x \Jeder

 

Owner: VORDEFINIERT\Administratoren

 

Primary Group: NT-AUTORITÄT\SYSTEM

 

File "C:\junkxxx\msl.dll"

Permissions:

Type Flags Inh. Mask Gen. Std. File Group or User

======= ======== ==== ======== ==== ==== ==== ================

Allow 00000010 t--- 001F01FF ---- DSPO rw+x VORDEFINIERT\Administratoren

Allow 00000010 t--- 001F01FF ---- DSPO rw+x NT-AUTORITÄT\SYSTEM

Allow 00000010 t--- 001F01FF ---- DSPO rw+x WEST\maiki

Allow 00000010 t--- 001200A9 ---- -S-- r--x VORDEFINIERT\Benutzer

 

Owner: WEST\maiki

 

Primary Group: WEST\Kein

 

 

»»Size of Windows key:

(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

 

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 450

 

»»Security settings for 'Windows' key:

 

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

(ID-NI) ALLOW Read VORDEFINIERT\Benutzer

(ID-IO) ALLOW Read VORDEFINIERT\Benutzer

(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren

(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren

(ID-NI) ALLOW Full access NT-AUTORITŽT\SYSTEM

(ID-IO) ALLOW Full access NT-AUTORITŽT\SYSTEM

(ID-IO) ALLOW Full access ERSTELLER-BESITZER

 

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

Read VORDEFINIERT\Benutzer

Full access VORDEFINIERT\Administratoren

Full access NT-AUTORITŽT\SYSTEM

 

 

 

---------- WIN.TXT

fùAppInit_DLLsÖ?æG

 

---------- NEWWIN.TXT

fùAppInit_DLLsÖ?æGø

 

**File C:\FINDnFIX\NEWWIN.TXT

**File C:\FINDnFIX\NEWWIN.TXT

000012F8: 01 00 00 00 01 00 66 F9 . 5F 44 4C 4C 73 D6 8D E6 ......fù _DLLsÖ?æ

**File C:\FINDnFIX\NEWWIN.TXT

regf

Share this post


Link to post
Share on other sites

:thumbsup: Great progress! :thumbsup:

 

Last step(s):

 

 

-Open the FINDnFIX\Files2< Subfolder:

Run the -> "ZIPZAP.bat" file.

It will quickly clean the rest and

will make a copy of the bad file(s) in the same

folder (junkxxx.zip) and open your email client with instructions:

Simply drag and drop the 'junkxxx.zip' file from

the folder into the mail message and submit

to the specified addresses! Thanks!

 

When done, Delete and entire 'FINDnFIX' file+folder(s)

From C:\

 

 

As for the remains, run any and all

removal tools once again as they should work properly now!

In particular, CWShredder.exe and fully updated Ad-Aware!

 

Feel free to post follow up hijackthis log when done! :)

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0