Tech Support Forum - View Single Post

Ried · 07-31-2006, 06:18 PM

Hi blitz960,

Good, now we can get the rest of them.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

**********************************************************************************************************

Download and install CleanUp!
NOTE: CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, make a backup of these before running CleanUp!. Do NOT run this program if you have XP Professional 64 bit edition. If you are unsure, you can download & run this tool to find out .....http://www.kellys-korner-xp.com/regs...p_whichcpu.exe

-----------------------------------------

Please disable the following program(s) as they may interfere with the fixes below. You may re-enable them when we are through:

Windows Defender:

Open Windows Defender.
Click on Tools, Options.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

Ewido Guard

Open Ewido by double-clicking the orange icon in the system tray.
In the 'Your Computer's Securitysection, toggle the Ewido Guard Resident Shield 'off' by clicking Change state which will then change the protection status to 'inactive'.

**********************************************************************************************************

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login on your usual account. Make sure to close any open browsers.

-----------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Save
WhenU
Viewpoint Manager

-----------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [InpriseMon] RtlFindVal.exe
O4 - HKLM\..\Run: [prcmon] Shaitan1678.exe
O4 - HKLM\..\Run: [LanzarP2006] "C:\DOCUME~1\Brittney\LOCALS~1\Temp\{A572E7E1-29F1-431F-B494-15EA18F9B826}\{EEBA9416-3207-47E0-9022-116440599DBC}\..\..\P2006tmp\Install.exe" /SETUP:"/l0x0009"
O4 - HKCU\..\Run: [TForm1] NsCplTray.exe
O4 - HKCU\..\Run: [MONITER] StatusCheck.exe
O4 - HKCU\..\Run: [init32] NukeSpan.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"

Click 'Fix Checked' and close HijackThis.

-----------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
*Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

-----------------------------------

Delete the following Files and Folders if they still exist.

C:\Program Files\Save
C:\Program Files\Viewpoint
C:\WINDOWS\SYSTEM32\CSZJQ.EXE
c:\windows\system32\d2kpax.dll
c:\windows\msxmidi.exe
C:\Documents and Settings\Brittney\Start Menu\Programs\WhenU
c:\program files\common files\WinSoftware
Do a search for the following via Start>Search>All files and folders:
RtlFindVal.exe
Shaitan1678.exe
NsCplTray.exe
StatusCheck.exe
NukeSpan.exe

-----------------------------------

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! or move them to a permanent location.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:

Empty Recycle Bins
Delete Cookies
Delete Prefetch files
Cleanup! All Users
Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it's checked.

Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

-----------------------------------

Reboot into Normal Mode.

-----------------------------------

Run another online scan at Panda and save the results.

In your next reply, please include the following:

Panda results
New HijackThis log
Update on your system behavior

07-31-2006, 06:18 PM	#5 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,608 OS: WinXP and Vista	Hi blitz960, Good, now we can get the rest of them. Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out these instructions. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. ******************************************************************************************************** Download and install CleanUp! NOTE: CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, make a backup of these before running CleanUp!. Do NOT run this program if you have XP Professional 64 bit edition. If you are unsure, you can download & run this tool to find out .....http://www.kellys-korner-xp.com/regs...p_whichcpu.exe ----------------------------------------- Please disable the following program(s) as they may interfere with the fixes below. You may re-enable them when we are through: Windows Defender: Open Windows Defender. Click on Tools, Options. Scroll down and uncheck Turn on real-time protection (recommended). After you uncheck this, click on the Save button and close Windows Defender. Ewido Guard Open Ewido by double-clicking the orange icon in the system tray. In the 'Your Computer's Securitysection, toggle the Ewido Guard Resident Shield 'off' by clicking Change state which will then change the protection status to 'inactive'. ****************************************************************************************************** Please reboot your computer in Safe Mode by doing the following: 1) Restart your computer 2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8. 3) Instead of Windows loading as normal, a menu should appear 4) Use the up arrow key to highlight Safe Mode and press Enter. 5) Login on your usual account. Make sure to close any open browsers. ----------------------------------- Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist: Save WhenU Viewpoint Manager ----------------------------------- Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [InpriseMon] RtlFindVal.exe O4 - HKLM\..\Run: [prcmon] Shaitan1678.exe O4 - HKLM\..\Run: [LanzarP2006] "C:\DOCUME~1\Brittney\LOCALS~1\Temp\{A572E7E1-29F1-431F-B494-15EA18F9B826}\{EEBA9416-3207-47E0-9022-116440599DBC}\..\..\P2006tmp\Install.exe" /SETUP:"/l0x0009" O4 - HKCU\..\Run: [TForm1] NsCplTray.exe O4 - HKCU\..\Run: [MONITER] StatusCheck.exe O4 - HKCU\..\Run: [init32] NukeSpan.exe O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe" Click 'Fix Checked' and close HijackThis. ----------------------------------- Go to My Computer->Tools->Folder Options->View** tab: * Under the Hidden files and folders heading: * select Show hidden files and folders. * Uncheck Hide protected operating system files (recommended) option. Also, make sure there is no checkmark beside Hide file extensions for known file types. Click OK. ----------------------------------- Delete the following Files and Folders if they still exist. C:\Program Files\Save C:\Program Files\Viewpoint C:\WINDOWS\SYSTEM32\CSZJQ.EXE c:\windows\system32\d2kpax.dll c:\windows\msxmidi.exe C:\Documents and Settings\Brittney\Start Menu\Programs\WhenU c:\program files\common files\WinSoftware Do a search for the following via Start>Search>All files and folders: RtlFindVal.exe Shaitan1678.exe NsCplTray.exe StatusCheck.exe NukeSpan.exe ----------------------------------- WARNING Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! or move them to a permanent location. Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows: Click "Options..." Move the arrow down to "Custom CleanUp!" Put a check next to the following: Empty Recycle Bins Delete Cookies Delete Prefetch files Cleanup! All Users Click on the "Temporary Files"* and uncheck the box for "Scan drives for file matching" if it's checked. Click OK Press the CleanUp! button to start the program. Reboot/logoff when prompted. ----------------------------------- Reboot into Normal Mode. ----------------------------------- Run another online scan at Panda and save the results. In your next reply, please include the following: Panda results New HijackThis log Update on your system behavior __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."