Tech Support Forum - View Single Post

greyknight17 · 06-10-2006, 09:04 PM

Welcome to TSF.

Please print the below instructions or copy them to Notepad.

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. CleanUp! deletes EVERYTHING out of your temp/temporary folders. It does not make backups. If you have any documents or programs that are saved in any Temporary Folders, make a backup of these before running CleanUp!. Run CleanUp! and click on the CleanUp! button. Let it run. After it's done, click the Close button and choose Yes to logoff.

Restart your computer and boot into Safe Mode (if you don't know how, go to http://www.bleepingcomputer.com/foru...howtutorial=61 ). Make sure to close any internet browsers that may still be open.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - blank (file missing)
O2 - BHO: XBTBPos00 - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - (no file)
O3 - Toolbar: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - blank (file missing)
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O23 - Service: DirectX Service (DirectRekl) - Unknown owner - c:\windows\system32\directx.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Zelimir\LOCALS~1\Temp\hpdj.exe (file missing)

Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

sc stop DirectRekl
sc delete DirectRekl
del delete.bat

Save the file as "delete.bat". Make sure to save it with the quotes. Double click on it.

Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

c:\windows\system32\directx.exe - this is a file you are deleting, not a folder

Restart. Perform an online scan with Internet Explorer at Panda ActiveScan http://www.pandasoftware.com/products/activescan.htm

* Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Post that log in your next reply along with a new HijackThis log.

06-10-2006, 09:04 PM	#2 (permalink)
greyknight17 Analyst, Security Team Join Date: Jul 2004 Location: New York Posts: 14,331 OS: Windows 98 & Windows XP Home/Pro My System	Welcome to TSF. Please print the below instructions or copy them to Notepad. Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. CleanUp! deletes EVERYTHING out of your temp/temporary folders. It does not make backups. If you have any documents or programs that are saved in any Temporary Folders, make a backup of these before running CleanUp!. Run CleanUp! and click on the CleanUp! button. Let it run. After it's done, click the Close button and choose Yes to logoff. Restart your computer and boot into Safe Mode (if you don't know how, go to http://www.bleepingcomputer.com/foru...howtutorial=61 ). Make sure to close any internet browsers that may still be open. Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one: R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - blank (file missing) O2 - BHO: XBTBPos00 - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - (no file) O3 - Toolbar: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - blank (file missing) O16 - DPF: {33331111-1111-1111-1111-611111193423} - O16 - DPF: {33331111-1111-1111-1111-611111193429} - O16 - DPF: {33331111-1111-1111-1111-615111193427} - O23 - Service: DirectX Service (DirectRekl) - Unknown owner - c:\windows\system32\directx.exe O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Zelimir\LOCALS~1\Temp\hpdj.exe (file missing) Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad: sc stop DirectRekl sc delete DirectRekl del delete.bat Save the file as "delete.bat". Make sure to save it with the quotes. Double click on it. Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them): c:\windows\system32\directx.exe - this is a file you are deleting, not a folder Restart. Perform an online scan with Internet Explorer at Panda ActiveScan http://www.pandasoftware.com/products/activescan.htm * Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it. * Click 'Check Now' & a pop-up window will appear. * Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size). * Begin the scan by selecting My Computer. * If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later. * Click on see report. Then click Save report. * Post that log in your next reply along with a new HijackThis log. __________________ Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. Adaware :: CWShredder :: HijackThis :: Panda ActiveScan :: Spybot S&D Anti-Spyware Tutorial :: Spyware Prevention Tools