I need to clear some space

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by SylvesterTheStallone, Apr 2, 2005.

  1. SylvesterTheStallone

    SylvesterTheStallone Private E-2

    Hi,I followed the instructions in that thread,like using those spyware and virus programs,but i still suspect i have some spyware on my computer.
    Here is my Hijackthis log...
     

    Attached Files:

  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You need to choose between AVG & Norton. Pick the one you want to keep and uninstall one because running two will cause conflicts.

    First:
    Download LSP-Fix

    After download is complete, Run LSP-Fix

    Check the Box labeled "I know what I'm doing" and then click on the xfire_lsp_11078.dll file (in the “Keep” section) to select it.

    Then, Select the >> button to move xfire_lsp_11078.dll into the Remove section.

    Now, click the Finish Button. When the Repair Summary box appears, click OK.

    (Note: If the file xfire_lsp_11078.dll is already in the remove section, then just click FINISH.)

    Second:
    Please update to Hijack This 1.99.1 and attach a new log using the new version.

    After doing the above, reboot and post a new HJT log.
     
  3. SylvesterTheStallone

    SylvesterTheStallone Private E-2

    Ok,here it is...
     

    Attached Files:

  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add or Remove Programs for the following and Uninstall them if found:

    Kazaa Lite <-- Its up to you whether you want to keep this or not but let me remind you, ALL P2P contain spyware and can contain viruses.

    Note: If you decide to keep this, ignore it thru this post!

    Scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)

    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)

    O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite\kpp.exe" "C:\Program Files\Kazaa Lite\kazaalite.kpp" /SYSTRAY
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\DOCUME~1\ROBKLO~1\LOCALS~1\Temp\Rar$EX00.157\FreeRAM XP Pro 1.40.exe" -win
    O4 - Startup: Reboot.exe
    O4 - Global Startup: Reboot.exe

    O16 - DPF: {5DB05CB8-7751-469D-A1DD-45C8C201C013} (Blender 3D Plug-in Active X Control) - http://download.blender.org/release/plugin/Blender3DPlugin.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

    C:\Program Files\Kazaa Lite ←–– Delete this whole folder!

    C:\Documents and Settings\ROBKLO~1\Local Settings\Temp\Rar$EX00.157\FreeRAM XP Pro 1.40.exe

    Reboot.exe ←–– Search for this file and delete when found!

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.
    Note: Dont forget to update Spybot S&D by selecting "Search For Updates"

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    Reboot to Normal Windows , Scan with HijackThis and attach the new log.
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

    Good Luck!:)
     
  5. SylvesterTheStallone

    SylvesterTheStallone Private E-2

    Hey
    there was only one "O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)"
    But I guess you put it twice by accident,and I couldn't find "reboot.exe" i searched everywhere. I did find "reboot.lgc" however,I didn't do anything to it.
    By the way,I'm clicking "manage attatchments" and it's not doing anything,so I can't post an updated log yet...I'm going to bed now,so I won't respond for a bit.
     
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Yeah, I just noticed that I put it twice, I apologize.

    If you still cant upload a new log, then paste the log inline and I will have it converted for you.
     
  7. SylvesterTheStallone

    SylvesterTheStallone Private E-2

    Sorry I have to do this,but whenever I click manage attachments,nothing happens.Here's the log...

    Edit by chaslang: Inline log attached! Please explain exactly what happens when you click Manage Attachments.
     

    Attached Files:

    Last edited by a moderator: Apr 2, 2005
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert


MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds