• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
DANBOB

Media Player starts when starting computer

4 posts in this topic

MS Media Player starts every time I turn on my computer. It is not in the start up folder and I have seen other people post this issue and get help. I also have a hijack issue in my browser that goes to a Page Not found the first time I open my browser. After the first time the browser is ok. I have use the options to try to reset the browser but the problem keeps recurring.

 

This is the url that the my browser is hijacked to:

http:///4.3.11%20FrontPage/5.0.2.2635%20mod_ssl/2.8.22%20OpenSSL/0.9.7a%20PHP-CGI/0.1b

 

Following is my HijackThis log.

 

Logfile of HijackThis v1.99.1

Scan saved at 10:35:44 PM, on 6/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\svchost.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\program files\quicktime\qttask.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\PROGRA~1\COMPAQ\EASYAC~1\BTTNSERV.EXE

C:\Program Files\Common Files\AOL\1113700568\ee\AOLSoftware.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\PROGRA~1\COMPAQ\EASYAC~1\EAUSBKBD.EXE

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

c:\program files\common files\aol\1113700568\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe

c:\program files\common files\aol\1113700568\ee\aolsoftware.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

c:\progra~1\mcafee.com\vso\mcvsftsn.exe

C:\PROGRA~1\WINZIP\winzip32.exe

C:\DOCUME~1\Default\LOCALS~1\Temp\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = /4.3.11 FrontPage/5.0.2.2635 mod_ssl/2.8.22 OpenSSL/0.9.7a PHP-CGI/0.1b

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = /4.3.11 FrontPage/5.0.2.2635 mod_ssl/2.8.22 OpenSSL/0.9.7a PHP-CGI/0.1b

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = /4.3.11 FrontPage/5.0.2.2635 mod_ssl/2.8.22 OpenSSL/0.9.7a PHP-CGI/0.1b

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = /4.3.11 FrontPage/5.0.2.2635 mod_ssl/2.8.22 OpenSSL/0.9.7a PHP-CGI/0.1b

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar4.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar4.dll

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe

O4 - HKLM\..\Run: [DVDUpgrade] DVDUpgrd.exe /async

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AutoLoaderq9op1INjLKYM] "C:\WINDOWS\System32\hndcz.exe" /PC="AM.WILD" /HideUninstall

O4 - HKLM\..\Run: [wmplayer] C:\Program Files\Windows Media Player\wmplayer.exe -invisible

O4 - HKLM\..\Run: [RO_tater] C:\WINDOWS\SYSTEM32\RO_tater2.exe -invisible

O4 - HKLM\..\Run: [qm7V36Q] hndcz.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [446M67D56NAXPY] C:\WINDOWS\System32\Lryrg9.exe

O4 - HKLM\..\Run: [QUVGXkox] C:\PROGRA~1\vutvsr\pvwqww.exe

O4 - HKLM\..\Run: [bearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1113700568\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\RunServices: [svhost.exe] svhost.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: hp officejet 4100 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~6\OFFICE10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...c00&LC=0409 (file missing)

O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...c00&LC=0409 (file missing)

O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...c00&LC=0409 (file missing)

O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...c00&LC=0409 (file missing)

O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)

O9 - Extra 'Tools' menuitem: AV Home - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)

O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...c00&LC=0409 (file missing)

O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...c00&LC=0409 (file missing)

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL

O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - (file missing)

O9 - Extra 'Tools' menuitem: - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - (file missing)

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE (file missing)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\CONTENT.IE5\OPE70167\ACCESS[1].EXE (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - CmdMapping|{000007C6-17DF-4438-92A4-DE5537471BA3} - (no file) (HKCU)

O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\CONTENT.IE5\OPE70167\ACCESS[1].EXE (file missing) (HKCU)

O12 - Plugin for .asx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll

O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159729018541

O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - https://control.everdream.com/cf1live/stati.../weblaunch2.cab

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab

O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq.com/falco/SysQuery.cab

O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab

O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\laghours.dll (file missing)

O20 - Winlogon Notify: msguard - eplrr0.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: wsrv - C:\WINDOWS\SYSTEM32\wsrv.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: Remote Procedure Call (RPC) Extensions (RpcxSs) - Unknown owner - C:\WINDOWS\system32\rpcxss.exe

 

thanks for your assistance

Share this post


Link to post
Share on other sites

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]

Share this post


Link to post
Share on other sites

Hi DANBOB,

 

Welcome to SpywareInfo! :wave:

 

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

 

OK, here’s what we do first.

 

BEFORE BEGINNING, Please read completely through the instructions below. Please also print these instructions or copy them to Notepad (or another word processor), and save it for easier reference. This is because we will be in Safe Mode during the fix and you won’t be able to access the Internet to view these instructions.

 

Please download SDFix by AndyManchesta and save it to your desktop.

 

Double-click SDFix.exe and it will extract the files to %systemdrive%

(Drive that contains the Windows Directory, typically C:\SDFix).

 

Please then reboot your computer into Safe Mode by doing the following:

  • Restart your computer.
  • After hearing your computer beep once during startup, but just before the Windows icon appears, tap the F8 key continually.
  • Instead of Windows loading as normal, a menu with options should appear.
  • Select the first option, to run Windows in "Safe Mode", then press "Enter".
  • Choose your usual account.

Once in Safe Mode, please do the following:

  • Open the extracted C:\SDFix folder and double-click on RunThis.bat to start the script.
  • Type "Y" to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found, then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process, then display "Finished", press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally, copy and paste the contents of the results file Report.txt back onto the forum.

 

NEXT:

 

Please download ComboFix by sUBs:

 

NOTE: In the event you already have ComboFix, this is a new version that I need you to download.

  • Save it to your desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Please do NOT mouse-click ComboFix's window while it is running. That may cause it to stall. Also, please do NOT adjust your time format while ComboFix is running.

 

 

NEXT:

 

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = /4.3.11 FrontPage/5.0.2.2635 mod_ssl/2.8.22 OpenSSL/0.9.7a PHP-CGI/0.1b

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = /4.3.11 FrontPage/5.0.2.2635 mod_ssl/2.8.22 OpenSSL/0.9.7a PHP-CGI/0.1b

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = /4.3.11 FrontPage/5.0.2.2635 mod_ssl/2.8.22 OpenSSL/0.9.7a PHP-CGI/0.1b

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = /4.3.11 FrontPage/5.0.2.2635 mod_ssl/2.8.22 OpenSSL/0.9.7a PHP-CGI/0.1b

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe

O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)

O4 - HKLM\..\Run: [wmplayer] C:\Program Files\Windows Media Player\wmplayer.exe –invisible

O4 - HKLM\..\Run: [RO_tater] C:\WINDOWS\SYSTEM32\RO_tater2.exe –invisible

O4 - HKLM\..\Run: [qm7V36Q] hndcz.exe

O4 - HKLM\..\Run: [446M67D56NAXPY] C:\WINDOWS\System32\Lryrg9.exe

O4 - HKLM\..\Run: [QUVGXkox] C:\PROGRA~1\vutvsr\pvwqww.exe

O4 - HKLM\..\Run: [bearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM\..\RunServices: [svhost.exe] svhost.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - (file missing)

O9 - Extra 'Tools' menuitem: - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - (file missing)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\CONTENT.IE5\OPE70167\ACCESS[1].EXE (file missing)

O9 - Extra button: (no name) - CmdMapping|{000007C6-17DF-4438-92A4-DE5537471BA3} - (no file) (HKCU)

O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\CONTENT.IE5\OPE70167\ACCESS[1].EXE (file missing) (HKCU)

O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\laghours.dll (file missing)

O20 - Winlogon Notify: msguard - eplrr0.dll (file missing)

O20 - Winlogon Notify: wsrv - C:\WINDOWS\SYSTEM32\wsrv.dll

O23 - Service: Remote Procedure Call (RPC) Extensions (RpcxSs) - Unknown owner - C:\WINDOWS\system32\rpcxss.exe

 

 

Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

 

Then please exit HijackThis.

 

 

NEXT:

 

Please go to Start -> Run and type (or copy and paste) the following lines in the "Open" field, ONE AT A TIME, then click "OK":

 

sc stop RpcxSs

 

sc delete RpcxSs

 

 

NEXT:

 

Go to Start -> Control Panel -> Add/Remove Programs and remove any of the following that are listed:

 

BearShare

 

 

You can replace it with one of the more reputable P2P programs listed on this page:

http://p2p.malwareremoval.com/

 

 

NEXT:

 

For this next step, please ensure that ComboFix.exe is on your desktop:

  • Then, please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    (start copying from "File::")
     
     
    File::
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\WINDOWS\SYSTEM32\RO_tater2.exe
    C:\WINDOWS\System32\Lryrg9.exe
    C:\WINDOWS\SYSTEM32\wsrv.dll
    C:\WINDOWS\system32\rpcxss.exe
    
    Folder::
    C:\Program Files\vutvsr
    C:\Program Files\BearShare
    


     
     

  • Save this as ComboFix-Do.txt and change the "Save as type" to "All Files" and place it on your desktop.
     
     
    Combo-Do.gif
     
     
     
  • Referring to the screenshot above, drag ComboFix-Do.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Please do NOT mouse-click ComboFix's window while it is running. That may cause it to stall. Also, please do NOT adjust your time format while ComboFix is running.

 

 

NEXT:

 

Please go to Start -> Search -> All files and folders.

 

In the "More advanced options" section, please place a check next to:

  • Search system folders.
  • Search hidden files and folders.
  • Search subfolders.

Then please search for the following files, and if found, please delete them:

 

hndcz.exe

svhost.exe

 

 

NEXT:

 

Please REBOOT your computer normally into Windows and post these logs in your next reply:

  1. The log from the SDFix scan.
  2. The logs from the ComboFix scan located at C:\ComboFix.txt and C:\ComboFix2.txt.
  3. A new HijackThis log.

(You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software).

 

Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted.

Share this post


Link to post
Share on other sites

Due to the lack of feedback, this Topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying HERE with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0