Tech Support Forum - View Single Post

sUBs · 04-16-2006, 12:54 PM

Hello and Welcome.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. Read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

We're gonna disinfect this machine using a series of fixes. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

* * * * * *

Please do the following:

Download & immediately run - L2MFix.exe
Click "Install" to extract the contents to a newly created folder.

Close any programs you have open since this step requires a reboot.

From the l2mfix folder, double click l2mfix.bat
Select option #2 for Run Fix by typing 2 and then pressing enter ONCE.

Do NOT depress any keys on your keyboard until the tool request you to "press any key to reboot"

On the reboot notepad will open with a log. Copy/paste the contents of that log back into this thread when you have finished the rest of the fix. If after the reboot the log does not open double click on it in the l2mfix folder to locate log.txt.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

If you receive an error - \system32\Autoexec.nt is not suitable for running MS-Dos applications, you will need to visit this website to download additional files.

* * * * * *

Download and run - bfu.zip
Checkmark the following boxes:
- Use settings specified in script for the above option
- Show log after script ends
Click the Web button located on the top right corner
Copy/Paste this url into the address bar of the Download script window:

http://metallica.geekstogo.com/alcanshorty.bfu
Execute the script by clicking the Execute button.
When it finishes running, click the Save button for a copy of the log
Post the log created by the script when you have completed the fix

* * * * * *

Do a HijackThis scan & place a check next to these items and select "Fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = https=00904c600400:6
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Winamp Sound System] winampcss.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\lwinnrag.exe CORN001
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard11.exe
O4 - HKLM\..\Run: [newname] c:\windows\newname11.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\RunServices: [Winamp Sound System] winampcss.exe
O4 - HKCU\..\Run: [ruzr] C:\PROGRA~1\COMMON~1\ruzr\ruzrm.exe
O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\ASEMBL~1\mmc.exe" -vt ndrv
O4 - HKCU\..\Run: [Vexw] C:\Program Files\Common Files\?asks\??rss.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85} (DMProxyCtl Class) - http://dm.cometsystems.com/dm/dm_286.cab
O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\MHC71DEU.DLL
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\kkdda.dll
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\kfdcz2.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

* * * * * *

Download & save on Desktop - ssk_remove.zip
Double click the file within & follow the prompts. It shall reboot automatically & produce a log for you to post back here.

* * * * * *

In your next reply, I shall require these logs:

fresh HiJackThis log

L2Mfix's log

Bfu's log

SSK_remove's log

04-16-2006, 12:54 PM	#2 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,452 OS: N/A	Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. Read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. We're gonna disinfect this machine using a series of fixes. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. * * * * * * Please do the following: Download & immediately run - L2MFix.exe Click "Install" to extract the contents to a newly created folder. Close any programs you have open since this step requires a reboot. From the l2mfix folder, double click l2mfix.bat Select option #2 for Run Fix by typing 2 and then pressing enter ONCE. Do NOT depress any keys on your keyboard until the tool request you to "press any key to reboot" On the reboot notepad will open with a log. Copy/paste the contents of that log back into this thread when you have finished the rest of the fix. If after the reboot the log does not open double click on it in the l2mfix folder to locate log.txt. IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so! If you receive an error - \system32\Autoexec.nt is not suitable for running MS-Dos applications, you will need to visit this website to download additional files. * * * * * * Download and run - bfu.zip Checkmark the following boxes: Use settings specified in script for the above option Show log after script ends Click the Web button located on the top right corner Copy/Paste this url into the address bar of the Download script window: http://metallica.geekstogo.com/alcanshorty.bfu Execute the script by clicking the Execute button. When it finishes running, click the Save button for a copy of the log Post the log created by the script when you have completed the fix * * * * * * Do a HijackThis scan & place a check next to these items and select "Fix checked": R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = https=00904c600400:6 O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing) O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll (file missing) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing) O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Winamp Sound System] winampcss.exe O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\lwinnrag.exe CORN001 O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard11.exe O4 - HKLM\..\Run: [newname] c:\windows\newname11.exe O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe O4 - HKLM\..\RunServices: [Winamp Sound System] winampcss.exe O4 - HKCU\..\Run: [ruzr] C:\PROGRA~1\COMMON~1\ruzr\ruzrm.exe O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\ASEMBL~1\mmc.exe" -vt ndrv O4 - HKCU\..\Run: [Vexw] C:\Program Files\Common Files\?asks\??rss.exe O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing) O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85} (DMProxyCtl Class) - http://dm.cometsystems.com/dm/dm_286.cab O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\MHC71DEU.DLL O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\kkdda.dll O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\kfdcz2.dll O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing) O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing) * * * * * * Download & save on Desktop - ssk_remove.zip Double click the file within & follow the prompts. It shall reboot automatically & produce a log for you to post back here. * * * * * * In your next reply, I shall require these logs: fresh HiJackThis log L2Mfix's log Bfu's log SSK_remove's log __________________ Question - what have you done for the community today? Last edited by sUBs; 04-16-2006 at 12:56 PM.