Redirected using Google

Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments. The version of HJT that you are using has not been used for two years. Best guess is you have a WareOut infection that will need some special steps in addition to the below to remove.

- Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support


Make sure you check version numbers and get all updates. PLEASE make sure you do this. If your HJT version is two years old, who knows about the rest of the tools you have.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis

.

 

What problems are you having attaching files?

 

Look in Add/Remove programs for UnSpyPC and uninstall if found.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

• Save it to your desktop and then run it by double clicking on it. It creates a folder named c:\fixwareout.
• Click Next, then Install.
• Then make sure Run fixit is checked (this runs C:\fixwareout\fixit.bat). And then click Finish.
• The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so.
• Your system may take longer than usual to load; this is normal.
• When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items if they still exist:

O4 - HKLM\..\Run: [dmnsv.exe] C:\WINDOWS\system32\dmnsv.exe


After clicking Fix Checked, close HijackThis, and click OK to proceed.

At the end of the fix, reboot into safe mode and use Windows Explorer to double check for the below files and delete if found:
C:\WINDOWS\system32\dmnsv.exe
C:\Program Files\UnSpyPC <--- delete the whole folder if found

Now reboot into normal mode and please attach the contents of the logfile C:\fixwareout\report.txt

There could be additional cleanup to do from Wareout and it the log will let us know.

Also attach a new HijackThis log.

 

Please do not post logs inline and do not use the paper clip to change attachments to inline links. They are annoying to use and require additional logins to read. Just attach them like I did in your previous message. You are still infected. You must avoid rebooting your PC inbetween posts because the problem seems to be mutating. You also must make sure that you have viewing of hidden and system files enabled per the READ & RUN ME or you will not be able to locate the files.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

• Save it to your desktop and then run it by double clicking on it. It creates a folder named c:\fixwareout.
• Click Next, then Install.
• Then make sure Run fixit is checked (this runs C:\fixwareout\fixit.bat). And then click Finish.
• The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so.
• Your system may take longer than usual to load; this is normal.
• When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items if they still exist:

O4 - HKLM\..\Run: [dmmxf.exe] C:\WINDOWS\system32\dmmxf.exe

After clicking Fix Checked, close HijackThis, and click OK to proceed.

At the end of the fix, reboot into safe mode and use Windows Explorer to double check for the below files and delete if found:
C:\WINDOWS\system32\dmmxf.exe
C:\WINDOWS\SYSTEM32\DMNSV.EXE

Now reboot into normal mode and please attach the contents of the logfile C:\fixwareout\report.txt

There could be additional cleanup to do from Wareout and it the log will let us know.

Also attach a new HijackThis log.

 

Just do not use the Paper Clip to attach files. Below your message window, use the Manage Attachments button to attach files. Using the Paper clicp makes them inline links and more difficult to read.

You are still infected. There must be some hidden files that are respawinging the problems. Please perform the below scans and attach both the Ewido and Spy Sweeper logs

Running Spy Sweeper

Running Ewido Anti-Malware

Then also attach a new HJT log! Again do not reboot or power down afterwards.

 

Okay! Now you are clean. You should uninstall bot SpySweeper and Ewido. That will help speed things up.

If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

After that, you should work thru the below link:

How to Protect yourself from malware!

 

You're welcome. Surf Safely!