web.link4all virus on my comp ...help

Discussion in 'Malware Help (A Specialist Will Reply)' started by fer, Sep 24, 2006.

  1. fer

    fer Private E-2

    This has been downloaded through MSN Messenger, I think; a similar problem to one I read that Deadlylegion had. Can any of you guys help me get rid of it, in step-by-step beginner's style?
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Welcome to Majorgeeks!

    To fully clean any and all malware from your PC, please follow our standard cleaning procedures, which are necessary for us to provide you support. There are also steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Downloading, Installing, and Running HijackThis

    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.


    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy - ONLY IF you were not able to run Windows Defender
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!

    Once you have attached the requested logs from the above, then one of the malware experts here will look over them and if anything is left they will post some further easy to follow removal instructions for you.
     
  3. fer

    fer Private E-2

    Tried to do the Bitdefender scan, but the screen turned blue after about 15 mins; tried about a dozen times but it never finishes the scan. Tried to do the Panda scan, but again got the "blue screen of death"; tried this a couple of times with the same effect.
    Here is my HijackThis log, can anyone help?
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You must follow all the directions that Halo gave to you. Just because Bitdefender and Panda do not work, that does not explain why:
    - you did not attach the log from GetRunKey
    - you did not attach the log from ShowNew
    - you did not install and rename HijackThis as requested. This is very important.

    Do the above and attach the 3 logs!
     
  5. fer

    fer Private E-2

    Here are the 3 logs you need; hopefully I have done them correctly this time. As a result I seem to have created a lot of "sqmdata.sqm" files in the C:\ dir. Is this normal?
     

    Attached Files:

  6. fer

    fer Private E-2

    Ignore the sqmdata files, just realised they were created yesterday, not today. Still don't know what they are though.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Those files are related to Windows Live Messenger!


    Make sure viewing of hidden files is enabled (per the tutorial).

    Please run HijackThis and click on the Open the Misc Tools Section button on the open page. Then select Open process manager on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click Kill process. Then click yes.

    C:\PROGRA~1\PRINTV~1\pvmodule.exe

    After killing all the above processes, click Back.
    Then please click Scan and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
    O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Chris Duerden\Desktop\Yinstall.exe
    O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
    O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
    O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://dinet.info/n/us22/n.cab
    O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\utl.dll (file missing)

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Program Files\PrintView<--- the whole folder
    C:\Documents and Settings\Chris Duerden\Desktop\Yinstall.exe
    C:\dfndrff_e12.exe
    C:\eied_s7.cab
    C:\kybrdff_e12.exe
    C:\nwnmff_e12.exe

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now reboot in normal mode
    Now copy the bold text below to Notepad. Save it as fixWLK.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    After reboot locate the below folder and delete it if found:
    C:\Program Files\\Common Files\{6076E81A-0BF8-2057-1105-03072303002c}

    Now attach the below new logs and tell me how the above steps went.

    1. GetRunKey
    2. ShowNew
    3. HJT
    Make sure you tell me how things are working now!

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
     
    Last edited: Oct 3, 2006
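Added example, not code from the thread or from HijackThis: a Python triage script that parses the O2/O4/O16/O20 line formats quoted in the post above and applies the reviewer heuristics chaslang's picks illustrate (an autorun launched from a user's Desktop, a Run-key name that imitates a Windows component, 8.3 short paths, ActiveX downloads from unrecognised hosts, a Winlogon Notify hook to a missing DLL). The sample log lines are the ones from this thread; the allowlist of trusted ActiveX hosts and the list of imitated component names are assumptions.

```python
import re

# HijackThis line types quoted in this thread: O2 (BHO), O4 (Run key), O16 (ActiveX DPF), O20 (Winlogon Notify).
PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.+)$"),
    "O4": re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+)$"),
    "O16": re.compile(r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\}(?: \((?P<name>[^)]*)\))? - (?P<target>\S+)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.+?)(?P<missing> \(file missing\))?$"),
}
TRUSTED_DPF_HOSTS = {"download.microsoft.com", "java.sun.com"}  # assumed allowlist, not from the thread
MIMICKED_NAMES = {"explorer", "svchost", "winlogon", "lsass"}  # assumed list of imitated Windows names
# Constructed sample: the six lines chaslang had fixed plus the two benign startup entries from later on.
SAMPLE_LOG = r"""
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Chris Duerden\Desktop\Yinstall.exe
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://dinet.info/n/us22/n.cab
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\utl.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
"""

def parse_line(line):
    """Return {'type', 'name', 'target', 'missing', ...} for a recognised HJT line, else None."""
    for kind, rx in PATTERNS.items():
        if m := rx.match(line.strip()):
            return {"type": kind, **m.groupdict(), "missing": m.groupdict().get("missing") is not None}
    return None

def suspicion_reasons(entry):
    """Reviewer heuristics for one parsed entry; an empty list means nothing stood out."""
    kind, target, reasons = entry["type"], entry["target"], []
    if kind == "O4" and re.search(r"\\Desktop\\", target, re.I):
        reasons.append("autorun launched from a user's Desktop")
    if kind == "O4" and entry["name"].lower() in MIMICKED_NAMES:
        reasons.append("Run-key name mimics a Windows component")
    if kind in ("O2", "O4") and "~" in target:
        reasons.append("loaded from an 8.3 short path, vendor folder not obvious")
    if kind == "O16":
        host = re.sub(r"^https?://", "", target, flags=re.I).split("/")[0].lower()
        if host not in TRUSTED_DPF_HOSTS:
            reasons.append(f"ActiveX download from unrecognised host {host}")
    if kind == "O20" and entry["missing"]:
        reasons.append("Winlogon Notify hook points at a missing DLL")
    return reasons

def triage(log_text):
    """Parse every recognised line; return [(line, reasons)] for lines with at least one reason."""
    parsed = [(l.strip(), parse_line(l)) for l in log_text.splitlines()]
    return [(l, r) for l, e in parsed if e and (r := suspicion_reasons(e))]
```

These heuristics only rank entries for a human reviewer; the two QuickTime and RealPlayer entries come out clean, while the six entries chaslang chose are each flagged for at least one reason.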
  8. fer

    fer Private E-2

    I have completed the above in order and will attach the new logs. The "web.link4all" virus seems to have gone, and the Yinstall icon (which would not delete) has gone. Although my NTL antivirus still pops up saying it has found
    "W32/thread-HLLSI-based!maximus" in
    "c:\windows\system32\ntsystem.exe" that it has been unable to disinfect or delete.
    Anyway, have a look at the logs and see what you think.
     

    Attached Files:

  9. fer

    fer Private E-2

    Might have posted the wrong logs, not sure, so I have done them again; these are definitely the right ones... sorry.
     

    Attached Files:

  10. fer

    fer Private E-2

    Should I wait for the all clear before disabling System Restore and doing the scan?
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay boot into safe mode and look for the below files and if found delete them:

    C:\WINDOWS\system32\ntoskrnl.dll
    C:\WINDOWS\system32\ntsystem.exe
    C:\WINDOWS\system32\mny.exe
    C:\WINDOWS\system32\sprK.exe
    C:\WINDOWS\system32\sprT.exe
    C:\WINDOWS\system32\Xinstall.exe


    Let me know the results and attach a new log from ShowNew.
    How are things working now?
     
  12. fer

    fer Private E-2

    Deleted those files now. Here is the new log. Cheers.
     

    Attached Files:

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You forgot to uninstall Viewpoint Media Player in step 0 of the READ ME. Uninstall it now.

    You also forgot to tell me how things are working!
     
  14. fer

    fer Private E-2

    Just uninstalled Viewpoint Media Player.
    All the viruses that my AV is finding seem to be in System Restore now; the rest of my comp seems clean, although it seems to be a bit slow to boot up and to get browsers up. Probably got too much stuff at start-up but don't know which ones are OK to stop. I also have the additional Google and AOL toolbars on my browser. Is this a bad idea?
    Apart from that I haven't seen the "blue screen of death" that used to occur when my comp had just given up, and it hasn't crashed since. I have no unwanted web pages or pop-ups. I feel we're almost there. Cheers.
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    We will take care of that further down in this message.


    In my opinion yes! It is a bad idea and I don't find them necessary, nor are they worth the impact they have on your system.

    You have both AOL antispyware and Spyware Doctor running. Choose one and uninstall the other.

    You can also have HJT fix the below two lines which are unnecessary to load at startup:
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER



    If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
  16. fer

    fer Private E-2

    I have just finished doing everything that you requested. I ran my AV and nothing: no virus/infections, everything has gone. Computer seems to be working fine now.
    Just been going through the "How to Protect yourself from malware!", got to the Replacing Java with Sun Java part. Reading about the removal tool to do this, is this fairly safe to use? Got the impression it might be risky.
    I have also downloaded the SpywareBlaster that is mentioned. Is this constantly running or do I have to start the app when I am browsing?
    Thanks very much for all your help with this, I really appreciate it. You have made my life a lot less stressful. Cheers.
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You do not need to use this tool because you do not have MS Java installed. You just need to install the current Sun Java version, which is really needed to enjoy many things on the internet.

    No it does not need to be running. You only run it to get updates periodically and to have it enable protection for all the updates. It is a set it and forget it type tool (except for the checking for updates part)!
     
