Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

HELP: spacer virus thingy is ruining my life

Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Do this

    CLICK HERE to download the HijackThis Installer:
    1. Save HJTInstall.exe to your desktop.
    2. Double-click on HJTInstall.exe to run the program.
    3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
    4. Accept the license agreement by clicking the "I Accept" button.
    5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    6. Click "Save log" to save the log file and then the log will open in Notepad.
    7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
    8. Come back here to this thread and paste the log in your next reply.
    9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


  • Registered Users, Registered Users 2 Posts: 4,468 ✭✭✭matt-dublin


    you've got the looksky virus.

    try this:

    Download http://downloads.andymanchesta.com/R...ools/SDFix.exe and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    · Restart your computer
    · After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    · Instead of Windows loading as normal, the Advanced Options Menu should appear;
    · Select the first option, to run Windows in Safe Mode, then press Enter.
    · Choose your usual account.
    · Open the extracted SDFix folder and double click RunThis.bat to start the script.
    · Type Y to begin the cleanup process.
    · It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    · Press any Key and it will restart the PC.
    · When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    · Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    · Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


  • Banned (with Prison Access) Posts: 1,322 ✭✭✭Package


    thanks lads, ill get a chance to do them tomorrow night and ill post a reply. thanks


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    SDFix doesn't remove the looksy virus matt-dublin, it is part of the Smitfraud family so he needs to run SmitfraudFix. Also it's better to wait till you see a HJT log before you bring out the big guns like SDFix.

    Package please don't run SDFix as it's not needed, instead just post a HijackThis log and we will continue from there.


  • Registered Users, Registered Users 2 Posts: 4,468 ✭✭✭matt-dublin


    ASJ: FYI
    http://www.lavasoftsupport.com/index.php?showtopic=10940&pid=48752&mode=threaded&start=

    smitfraudfix doesn't work.

    Lavasoft recommend SDFix


  • Advertisement
  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Matt FYI :
    http://www.geekstogo.com/forum/How-to-remove-trojan-w32-looksky-removal-instructions-t165752.html

    I am quite sure that if we upload the looksy file onto jotti/virustotal(you know what those are?) that they will pretty much all report it as part of the zlob family, aka the Smitfraud family.
    smitfraudfix doesn't work.
    SmitfraudFix does work, and I have already used it myself to remove the looksy virus(as well as everybody else in the anti-malware community).

    Also this link that you posted
    http://www.lavasoftsupport.com/index.php?showtopic=10940&pid=48787&mode=threaded&start=#entry48787
    SDFix removed nothing. Have a look at it's log. The user had already removed everything with SmitfraudFix but was just complaining bout his desktop background.


    The only bad entry in that users log was this
    O21 - SSODL: msole - {10080C78-2D68-41C7-8C22-0ECC7709E159} - C:\WINDOWS\msole.dll (file missing)

    Which is Smitfraud, and which was pretty much removed with SmitfraudFix.


    Also you just cant have users run tools just cause you have googled search a similar result. That is dangerous and can do a lot of damage if your not careful.


    I'm not trying to be rude or smug here, but you are wrong, and the fact that you are only posting one link from a google search that doesn't even back up what you say, is not enough to warrant the user running SDFix.

    Oh and Lavasoft didn't recommend running SDFix to remove the looksy virus, this is misleading and looks like the company are saying to do that, when they aren't.


  • Registered Users, Registered Users 2 Posts: 4,468 ✭✭✭matt-dublin


    I'm not gonna bother argueing here, because both will work, i suggested sdfix because i will also scan for other malware & trojans as well as if looksky is on it, so will other things, I've used it before and its fine. The reason why i posted the link was because the volunteer security team have to be accredited before they can become a member of the teams and their advice is generally spot on.

    and yes, you are trying to be smug.

    I'll just leave it at reminding you of a pm you sent me in late july.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    because the volunteer security team have to be accredited before they can become a member of the teams and their advice is generally spot on.
    I assume you are talking about Lavasoft here, I know miekiemos, she helps out on a lot of the same sites that I help out on, and I have done the necessary training to be offering help like she does. You haven't.
    and yes, you are trying to be smug.
    No I'm not, I just don't like it when people post advice when they have no idea what they are talking about, especially when it is the wrong advice.
    I'll just leave it at reminding you of a pm you sent me in late july.
    I PMed you about something totally different. I was asking you bout a career in Networks and Security, that doesn't mean you are better at dealing with virus and malware problems than me. I clearly know more about dealing with viruses than you from your posts.
    because both will work
    Have a look at these
    http://www.geekstogo.com/forum/trojan-w32-looksky-t167662.html
    http://www.geekstogo.com/forum/Trojan-W32-Looksky-HELP-has-totally-gone-t167685.html
    http://www.commentcamarche.net/forum/affich-3381858-j-ai-ete-infecte-par-trojan-w32-looksky
    If you want to remove looksy, you use SmitfraudFix.


    You should be more careful posting advice to the users when you have absolutely no training when dealing with SDFix, HijackThis, SmitfraudFix, or any of the other tools you would need in helping out the OP. These tools can wreck PC's when in inexperienced hands like yourself.


  • Registered Users, Registered Users 2 Posts: 4,468 ✭✭✭matt-dublin


    and I have done the necessary training to be offering help like she does. You haven't.
    How do you qualify this remark?

    I like the way you presume to know what i do, how i am trained and how i do things.

    PS i like your googled links too.

    especially considering your last : http://www.commentcamarche.net/forum/affich-3381858-j-ai-ete-infecte-par-trojan-w32-looksky is in french


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    You may be happy to have the OP's topic get side-tracked with a petty argument since chances are you won't be helping him. But chances are I will be the one to fix his PC up, like I have for the past 6-12 months for every spyware problem posted on boards, so it makes more sense to continue this via PM. I can't promise I won't ignore your PM, but it makes more sense to keep this discussion there.
    I like the way you presume to know what i do, how i am trained and how i do things.
    Well do you help out analyzing HijackThis logs on the biggest PC anti-malware sites on the net? You may have a good degree and plenty of work experience, however you don't have the expertise in dealing with HijackThis logs and all the other tools that are needed when fixing PC's.
    PS i like your googled links too.
    At least mine back up my point. I point you to a "How to remove trojan looksy" guide and you still argue the point. Ridiculous. As for the french link, thats quite a known site in the community, and even with basic french you should be able to understand that they are dealing with the trojan.looksy and they use SmitfraudFix to remove it.


    To the OP, sorry for side-tracking your topic like this. When you post a HijackThis log it will tell us a lot more.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 4,468 ✭✭✭matt-dublin


    I have no interest in argueing, but considering you keep telling me i am unqualified to do the work i had better quit my job that i've been doing for the last 6 years, throw my cs degree out the window, along with my MSCE, CCNA and 8 ICS/other certs i have out the window.

    Nice work,

    and if you don't believe in sdfix, you shouldn't recommend it to anyone for anything:
    http://www.boards.ie/vbulletin/showpost.php?p=53518274&postcount=11


  • Registered Users, Registered Users 2 Posts: 341 ✭✭Croc


    In the event that Matts suggestion does not work do the following.

    Go to http://www.ubcd4win.com

    Download it, extract the file to your hard-drive.
    It should create a shortcut to your desktop called PE or Pe Builder

    Run the program. (Make sure you have Windows CD In Your Drive)
    First Field Tell Computer location of Windows Disk.
    Second Field leave default setting.
    Media Out Put (Click Radio Button To Create ISO Image)
    Click "Plug ins Button" you will see list of programmes it has, update the Spyware & Anti Virus Ones to latest Definitions. When finished updating go back to main window and click "Build Button" If everything is ok it should build an ISO Image.
    Burn the Image with Nero or some such burning programe.
    Reboot you computer making sure to turn off System Restore in Control Panel.
    Set you computer to boot from CD Drive (In Bios) it should boot from this CD you have created (Takes a while to boot be patient)
    You will eventually boot to a windows like envioroment from where you can run the Spyware & Anti Virus.

    Beauty of this method is you are not booting from your hard drive so what ever is infecting the PC cannot startup hence allowing you to remove it.

    Make sure you turn off System Restore because you may reinfect the PC again after you reboot, as most of these viruses etc can restore them selves from System Restore" Don't forget to turn on System Restore when you are done


  • Registered Users, Registered Users 2 Posts: 2,593 ✭✭✭Soundman


    Yeah well my cat smells better than your cat. So neeener neener neeeeeener! :p

    Lads. The OP is looking for help. He isn't looking to watch some atrocious drama programme.


  • Registered Users, Registered Users 2 Posts: 4,468 ✭✭✭matt-dublin


    Soundman wrote:
    Yeah well my cat smells better than your cat. So neeener neener neeeeeener! :p

    Lads. The OP is looking for help. He isn't looking to watch some atrocious drama programme.
    agreed, time to move on...


  • Closed Accounts Posts: 197 ✭✭jmck87


    oh i love geek fights.... please continue...

    yee are sad lads, like 2 year olds...


  • Closed Accounts Posts: 669 ✭✭✭pid()


    To remove the errors relating to privacy_danger, remove its folder in c:\windows and also delete your temporary internet files to stop the error which will pop up once the privacy_danger folder is removed.


  • Registered Users, Registered Users 2 Posts: 2,497 ✭✭✭Nick_oliveri


    "neeener neener neener" roflage! :P
    Sounds like a nasty virus. I was nearly stupid enough to click that link in the OP! Is it evil?


  • Registered Users, Registered Users 2 Posts: 4,468 ✭✭✭matt-dublin


    the link is fine, it just points to a webpage with a link to install anti spyware...


  • Banned (with Prison Access) Posts: 1,322 ✭✭✭Package


    i dont give a **** who argues with who, once between the two of you it ets fixed. firstly heres the log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:57:30 PM, on 8/21/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    C:\WINDOWS\system32\dlcccoms.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: MSVPS System - {283A0EE3-2CC1-45AB-8207-B1D7B69C7F83} - C:\WINDOWS\duocore.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Wireless Presenter] C:\Program Files\Nokia\Nokia Wireless Presenter\Wireless Presenter.exe /NOSPLASH
    O4 - HKCU\..\Run: [SecurePCCleaner] C:\Program Files\SecurePCCleaner\GDC.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\suzan\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O21 - SSODL: wmpenv - {997FD978-8B25-4440-811C-9DD2A816493E} - C:\WINDOWS\wmpenv.dll
    O21 - SSODL: wmpconf - {C168A5C5-AACA-4D1B-942C-D2CE735ED47A} - C:\WINDOWS\wmpconf.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    --
    End of file - 6593 bytes



    so, if everyone is in agreement. whats next????


  • Banned (with Prison Access) Posts: 1,322 ✭✭✭Package


    ok. the fake background seems to have gone for good. but there is still an annoying pop up box which reads this

    "windows has detected an internal attack attempt.somebodys trying to infect your pc with harmful spyware or harmful viruses. run full system scan now to protect your pc from internal attacks, hijacking attempts and spyware. click here to download spyware remover for total prtection"


  • Advertisement
  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Lol Package, do the following :)

    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Please download SmitfraudFix (by S!Ri) to your Desktop.

    Next, please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, double-click on SmitfraudFix.exe
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning : running option #2 on a non infected computer will remove your Desktop background.



    1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

    O2 - BHO: MSVPS System - {283A0EE3-2CC1-45AB-8207-B1D7B69C7F83} - C:\WINDOWS\duocore.dll
    O4 - HKCU\..\Run: [SecurePCCleaner] C:\Program Files\SecurePCCleaner\GDC.exe
    O21 - SSODL: wmpenv - {997FD978-8B25-4440-811C-9DD2A816493E} - C:\WINDOWS\wmpenv.dll
    O21 - SSODL: wmpconf - {C168A5C5-AACA-4D1B-942C-D2CE735ED47A} - C:\WINDOWS\wmpconf.dll


    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

    3. Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs(if present):

    SecurePCCleaner




    Please download OTMoveIt by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\WINDOWS\duocore.dll
      C:\Program Files\SecurePCCleaner
      C:\WINDOWS\wmpenv.dll
      C:\WINDOWS\wmpconf.dll


    • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
    • Close OTMoveIt
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

    Note : If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
    C:\_OTMoveIt\MovedFiles\********_******.log
    (where "********_******" is the "date_time")

    Click "Exit" to close OTMoveIt.


    So in your next reply please post the following : the SmitfraudFix report, a new HijackThis log, the OTMoveIt results, and tell me how your PC is running now and if you had any problems.


  • Banned (with Prison Access) Posts: 1,322 ✭✭✭Package


    thanks for the speedy reply mate. ill do it tomorrow when my heads not about to explode. thanks again


Advertisement