02-25-2007, 03:06 AM   #9
Sempurna
Analyst, Security Team


Hi tsf1jay,

Yes, you may delete what is inside the quarantine folders of both Norton and SpyWare Killer Pro. Do NOT delete the quarantine folders themselves, just the contents.


NEXT:

Go to the Start menu, and click on Control Panel. Choose Add/Remove Programs and remove any of the following that are listed:

ClickSpring
Cowabanga by OIN
MediaTickets
MediaTickets by OIN
OIN
Outerinfo
Outer Info Network
PurityScan
PurityScan by OIN
Snowball Wars by OIN
TizzleTalk
TizzleTalk by OIN
Yazzle by OIN
Yazzle ActiveX by OIN
Yazzle Cowabanga by OIN
Yazzle Kobe Balls! By OIN
Yazzle Picster by OIN
Yazzle Snowball Wars by OIN
Yazzle Sudoku by OIN
Zolero Translator

(Anything else with the words "OIN", "Outerinfo", "Outer Info Network" or "Yazzle" in its name)

If none of the above programs are listed, then download and run this OIN Uninstaller.


NEXT:

Please also uninstall the following programs:

New.Net
NewDotNet


If it is not listed, follow these instructions:
  • From a computer that has Internet access, click on the following link:
    http://www.new.net/support/uninstall6_90.exe.
  • Download and save uninstall6_90.exe to the desktop.
  • Go to the desktop and double-click on uninstall6_90.exe
  • Click on the OK button.
  • After removal, you may be prompted to reboot. Please reboot even if not prompted.


NEXT:

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

O2 - BHO: (no name) - {B46C7639-C8F4-E008-F7DA-C3DEBFC105B6} - C:\WINDOWS\system32\bvjg.dll
O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKCU\..\Run: [Usrr] "C:\WINDOWS\FNTS~1\chkdsk.exe" -vt yazb
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\Owner\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxq.dll (file missing)
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll (file missing)



Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

Then please exit HijackThis.


NEXT:

Please run OTMoveIt and quarantine the following files/folders (please also remember to copy the report generated and paste it in your next reply for me to see):

C:\Program Files\Common Files\{3417BE8B-0A1F-1033-0916-031025200001}
C:\Program Files\Common Files\{3417BE8B-0A20-1033-0916-031025200001}
C:\Program Files\Outerinfo
C:\Program Files\SpySheriff
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D17M1107NetInstaller.exe
C:\WINDOWS\system32\gka.dll
C:\cp1041.nls
C:\WINDOWS\system32\msnetax.dll
C:\WINDOWS\system32\wtssvcc.exe
C:\Program Files\NewDotNet
C:\WINDOWS\system32\bvjg.dll


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


NEXT:

Try deleting the C:\windows\Fonts folders manually. If you cannot delete it in Normal Mode, try doing the deletion in Safe Mode.

Please reboot your computer into Safe Mode by doing the following:
  • Reboot your computer.
  • After hearing your computer beep once during startup, but just before the Windows icon appears, begin tapping the F8 key on your keyboard. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, reboot the computer and try again.
  • Instead of Windows loading as normal, a menu should appear.
  • Using the arrow keys on the keyboard, scroll to and select the "Safe Mode" menu item, and then press "Enter".

Also, please delete these folders:

C:\WINDOWS\FNTS~1
C:\WINDOWS\system32\s?stem32


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  1. The report from OTMoveIt.
  2. A new HijackThis log.

How are things running now? Please let me know of any problems that still persist.
Last edited by Sempurna; 02-25-2007 at 03:23 AM.
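
An added example, not part of Sempurna's post: a cross-check of the HijackThis entries listed above against the OTMoveIt quarantine list and the two folders to delete by hand. It shows which entries only need the registry fix and which also have a file on disk. The entries and paths are copied from the post; the function names and status labels are assumptions made for this example.

```python
import re
# HijackThis entries copied from the post; the triage logic below is an added assumption.
HJT = r"""O2 - BHO: (no name) - {B46C7639-C8F4-E008-F7DA-C3DEBFC105B6} - C:\WINDOWS\system32\bvjg.dll
O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKCU\..\Run: [Usrr] "C:\WINDOWS\FNTS~1\chkdsk.exe" -vt yazb
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\Owner\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxq.dll (file missing)
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll (file missing)""".splitlines()
# OTMoveIt quarantine list from the post, plus the two folders it says to delete by hand.
CLEANUP = r"""C:\Program Files\Common Files\{3417BE8B-0A1F-1033-0916-031025200001}
C:\Program Files\Common Files\{3417BE8B-0A20-1033-0916-031025200001}
C:\Program Files\Outerinfo
C:\Program Files\SpySheriff
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D17M1107NetInstaller.exe
C:\WINDOWS\system32\gka.dll
C:\cp1041.nls
C:\WINDOWS\system32\msnetax.dll
C:\WINDOWS\system32\wtssvcc.exe
C:\Program Files\NewDotNet
C:\WINDOWS\system32\bvjg.dll
C:\WINDOWS\FNTS~1
C:\WINDOWS\system32\s?stem32""".splitlines()

ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")            # section code, section name, rest
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe|chm|cab)', re.I)
ORPHAN = re.compile(r"\((?:no file|file missing)\)")       # HijackThis found nothing on disk

def parse(line):
    """Split one HijackThis line into section code, section name, file path and orphan flag."""
    m = ENTRY.match(line)
    if not m:
        return None
    p = PATH.search(m.group(3))
    return {"code": m.group(1), "name": m.group(2), "path": p.group(0) if p else None,
            "orphan": bool(ORPHAN.search(m.group(3)))}

def covered(path, targets=CLEANUP):
    """True if path is a cleanup target or lies under a cleanup folder (case-insensitive)."""
    p = path.lower()
    return any(p == t.lower() or p.startswith(t.lower() + "\\") for t in targets)

def triage(lines=HJT):
    """Return (section code, path, status) for each parsable entry."""
    out = []
    for e in filter(None, map(parse, lines)):
        live = e["path"] and not e["orphan"]
        status = ("file-covered" if covered(e["path"]) else "file-not-listed") if live else "registry-only"
        out.append((e["code"], e["path"], status))
    return out
```

Here "file-not-listed" means only that the path does not appear in the cleanup lists copied from the post; it says nothing about whether the file still exists on the machine.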