Posts by Doctor Inferno

‡‡Please print out or copy this page to Notepad since you will can not have any of browsers open while you

are fixing this and follow it.

‡‡Please reboot your computer in Safe Mode by doing the following:

1) Restart your computer

2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (Repeatedly).

3) Instead of Windows loading as normal, a menu should appear

4) Use the up arrow key to highlight Safe Mode and press Enter.

‡‡Please run HijackThis and click "Scan". Place checks next to the following entries if still present in the

code and

close all browser and other windows except for HijackThis, and click "Fix Checked".

O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O20 - Winlogon Notify: __c0042D22 - C:\WINDOWS\system32\__c0042D22.dat (file missing)
O20 - Winlogon Notify: __c00C3FCC - C:\WINDOWS\system32\__c00C3FCC.dat (file missing)

‡‡Run your Antivirus and do a full scan remember this is all in safe mode.

‡‡Reboot into Normal Mode.

‡‡Please take the following steps with the Internet Explorer:

Internet Explorer -> Tools -> Internet Options -> Advanced -> Click - Restore advanced Settings -> Click - Reset... -> Click

- OK

‡‡Do another scan with HiJackThis in normal windows mode and post your new log file here for final verification. Make sure it

is a new log file.

Also let me know how the systems …

‡‡Please print out or copy this page to Notepad since you will can not have any of browsers open while you

are fixing this and follow it.

‡‡Please reboot your computer in Safe Mode by doing the following:

1) Restart your computer

2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (Repeatedly).

3) Instead of Windows loading as normal, a menu should appear

4) Use the up arrow key to highlight Safe Mode and press Enter.

‡‡Please run HijackThis and click "Scan". Place checks next to the following entries if still present in the

code and

close all browser and other windows except for HijackThis, and click "Fix Checked".

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = [url]http://windiwsfsearch.com[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = [url]http://windiwsfsearch.com[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://safesearch.cyberdefender.com/smallsearch.html[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.dufpy.com[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://windiwsfsearch.com[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://windiwsfsearch.com/ie6.html[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://windiwsfsearch.com[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://windiwsfsearch.com[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://windiwsfsearch.com[/url]
O2 - BHO: VRLWarningBHO Class - {0DCD4F35-9FD5-420b-A9AA-FED0E2AECEE0} - C:\Program Files\VirusRL2009\AVLWarning.dll (file missing)
O2 - BHO: 590075 helper - {AFC8A14F-B50A-4F0F-8FB7-77982092D81D} - C:\WINDOWS\system32\590075\590075.dll (file missing)
O2 - BHO: (no name) - {CFEE97A3-4911-444D-8BE8-E243A23D3DE2} - C:\Program Files\Applications\iebt.dll (file missing)
O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - C:\Program Files\Applications\iebr.dll (file missing)

‡‡Run your Antivirus and do a …

If I have helped you, please mark the thread as solved.

Thank you.

So everything is running great for you? If so, I'm glad that I am able to help. Also, please mark the thread as solved.

It is best to install it in the C drive. Also note that no 2 antiviruses should be installed at the same time, it might cause your computer to crash.

Choosing between Internet Security and the antivirus is really up to you. Internet Security products provide an extra; firewall and antispyware which you need if you don't already have them.

Download SmitFraudFix from here and follow the instructions:

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

and tell me how your system is running now.

Kaspersky won't slow down your PC. the ram usage of kaspersky shown in my task manager is barely 1MB.

I recommend Kaspersky if you can buy. It's by far the best I've tested.

Post a HijackThis log here.

You are probably infected with antivirus 2009.

Follow this removal guide on GeekPolice:

http://geekpolice.net/malware-removal-guides-f12/how-to-remove-antivirus-2009-removal-guide-t3138.htm

Glad that I am able to help.

You can read this article on How To Avoid An Infection here:

http://geekpolice.net/malware-removal-guides-f12/-t2710.htm

Please also mark the thread as sloved.

Regards.

Open hikacthis, place a check beside this and fix it:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://server.toolbar.rediff.com/too...l?mode=toolbar

R3 - URLSearchHook: Rediff Toolbar - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\Rediff Toolbar\3.0\redifftoolbar.dll

O3 - Toolbar: Rediff Toolbar - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\Rediff Toolbar\3.0\redifftoolbar.dll

Then post back with a hiackthis log from version 2.0.2

Please reboot your computer in Safe Mode by doing the following:

1) Restart your computer

2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (Repeatedly).

3) Instead of Windows loading as normal, a menu should appear

4) Use the up arrow key to highlight Safe Mode and press Enter.

Please run HijackThis and click "Scan". Place checks next to the following entries if still present in the code and close all browser and other windows except for HijackThis, and click "Fix Checked".

C:\DOCUME~1\Shalva\LOCALS~1\Temp\wintuihh.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Rename hijackthis.exe to inferno.exe and post a new log, also tell me the condition of your PC.

Make sure none of your security softwares are stopping it from accepting cookies. especially anti spywares.

Download the latest version of hijackthis and we shall proceed from there.

I believe is has a cause with malware...

This is most probably caused by the malware "F-Nimda"

The SHELLFIX.REG (download below) file is used to fix Explorer startup problems
resulted from unconditional termination of F-Nimda tool during
its operation.

If F-Nimda tool is terminated by a user or operating system while
it is scanning a hard disk, there will be no icons and no taskbar
on Windows desktop. To fix the problem you will have to run the
SHELLFIX.REG file.

Info here:

ftp://ftp.f-secure.com/anti-virus/tools/shellfix.txt

Download:
http://www.mediafire.com/?nnklnmfngto

Also, post a hijackthis log

Try updating your graphics driver to the latest version?

A file might exist with the name of the directory Setup attempted to create.

Exit Setup. Then determine if a file exists on the disk with a duplicate name. Delete the file from the disk. Otherwise, contact the supplier for replacement installation media.

http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/w2000Msgs/2530.mspx?mfr=true

Try a system restore?

Get a PDA and tap your shcool's wireless connection. Hack through the firewall, clear all the filters and done!
(Just Joking!) xD

With you bypassing, you can also get caught, if they really want to track you down.

Internet Download Manager. When you are downloading multiple files, you can minimize any of the windows to the system tray. But it is a commercial software. not free.

Use firefox or Opeara. It works for me. Try it.

Isn't Cabal.exe an executable of a game called "Cabal Online"?

Error: "Speed disk is unable to access drive C: . . " while analyzing or defragmenting

Situation:
You see the error message "Speed disk is unable to access drive C:. Please check the drive" after you start Speed Disk and it is analyzing the drive or when you start the defragmentation process.

The drive letter that is referred to in the message may be different on your computer.

Solution:
This problem is usually caused by the configuration or installation of the hard drive. For more information, read the document Error: "Drive X: may not be configured properly" when running Norton Disk Doctor or Speed Disk. That document lists the possible causes and solutions for this and similar error messages.

go here for more info...

http://service1.symantec.com/SUPPORT/nsw.nsf/pfdocs/2002101609060007?Open&docid=2002101609060007&nsf=nsw.nsf&view=0f75ab1a9982283d88256c250066dc94

If the .rar files come in continuous parts for example, file01, file 02, file03, file04, and so on... You can just right click the first file and select "extract here" without having to enter the passwords on by one.

But in your case, it seems that the parts are not continuous. I guess there is no other way than to type/paste in the password on by one.