11-14-2004, 01:44 AM   #4
mimo2005
Manager, The Relaxation Room/Analyst, Security Team
 
Join Date: Oct 2004
Posts: 10,765
OS: xp


Hi

Open Task Manager (Ctrl+Alt+Del)
End process if found

WINLPU32.EXE
CONSCORR.exe



Run HijackThis again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CONSCORR] C:\WINDOWS\CONSCORR.exe
O4 - HKLM\..\Run: [Sys29] C:\WINDOWS\SYSTEM\WINLPU32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O9 - Extra button: (no name) - {10E42047-DEB9-4535-A118-B3F6EC39B807} - (no file)
O21 - SSODL: System - {A47C7F08-CD41-4682-A590-FCD6FBBF72C1} - C:\WINDOWS\system32\system32.dll


Restart to safe mode.

How to start your computer in safe mode
http://service1.symantec.com/SUPPORT...01052409420406

Find and delete
(you can use the Windows search tool)


C:\WINDOWS\system32\system32.dll
C:\WINDOWS\SYSTEM\WINLPU32.EXE
C:\WINDOWS\CONSCORR.exe

Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


Empty the Recycle Bin

Reboot

Scan with HJT and post a new log

Last edited by mimo2005 : 11-14-2004 at 01:45 AM.
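Added example, not part of mimo2005's post: a Python check that the new HijackThis log requested in the last step no longer contains entries that were marked for "Fix checked". The function names and the follow-up log are constructed for illustration; the flagged lines are a subset copied from the post.

```python
import re

# Subset of the entries the post says to check and fix (copied verbatim).
FLAGGED = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll
O4 - HKLM\..\Run: [CONSCORR] C:\WINDOWS\CONSCORR.exe
O4 - HKLM\..\Run: [Sys29] C:\WINDOWS\SYSTEM\WINLPU32.EXE
O21 - SSODL: System - {A47C7F08-CD41-4682-A590-FCD6FBBF72C1} - C:\WINDOWS\system32\system32.dll
"""

# Constructed follow-up log: one hijack restored itself, one Run entry came
# back with different letter case, and one unrelated (made-up) entry.
NEW_LOG = r"""
Logfile of HijackThis (constructed sample)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\example.exe
O4 - HKLM\..\Run: [sys29] c:\windows\system\winlpu32.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O4 - ..." or "O21 - ..."
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")      # {8-4-4-4-12} hex GUID

def parse(log):
    """Return {(section, key): original line} for each HijackThis entry line."""
    entries = {}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header text or blank line
        section, body = m.groups()
        clsid = CLSID.search(body)
        # BHO, button and SSODL entries are keyed by CLSID, the rest by the
        # whole body. Registry names and Windows paths are case-insensitive.
        key = clsid.group(0) if clsid else " ".join(body.split())
        entries[(section, key.casefold())] = line.strip()
    return entries

def still_present(flagged, new_log):
    """Lines of new_log that match a flagged entry, in flagged order."""
    new = parse(new_log)
    return [new[k] for k in parse(flagged) if k in new]

if __name__ == "__main__":
    for line in still_present(FLAGGED, NEW_LOG):
        print("STILL PRESENT:", line)
```

An entry that reappears after the fix and reboot usually means the process or file that writes it was not removed.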