
Can I Please Get Hepl With My Log
#1
Posted 04 May 2007 - 07:38 AM
Register to Remove
#2
Posted 05 May 2007 - 06:49 AM
I see no protection at all on your PC

Click the HERE and Save, Install, Update and run a full scan.
Empty Recycle Bin
Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
#3
Posted 05 May 2007 - 07:58 AM
#4
Posted 05 May 2007 - 08:00 AM
Reviews aren't very good.
http://www.amazon.co...o/dp/B000LJTH1I
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
#5
Posted 05 May 2007 - 11:19 AM
#6
Posted 05 May 2007 - 11:24 AM
Lets see if we can get the PC back on the internet. This file will fit on a floppy or thumb drive.
Get a copy of winsockxpfix.exe You just run it and
things should work OK after it reboots your system.
http://www.snapfiles...nsockxpfix.html
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
#7
Posted 05 May 2007 - 05:54 PM
#8
Posted 05 May 2007 - 06:07 PM
- Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
- Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
- Consider what other private information could possibly have been taken from your computer and take appropriate steps
I suggest you do this:
Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.
Please do not delete anything unless instructed to.
Click Start > Run > and type in:
services.msc
Click OK.
In the services window find TCP and UDP Supp0rt
Right click and choose "Properties". On the "General" tab under "Service
Status" click the "Stop" button to stop the service. Beside "Startup Type"
in the dropdown menu select "Disabled". Click Apply then OK. Exit the
Services utility.
Close all windows and browsers.
Open HijackThis
Click on Open Misc Tools
Click on Delete a File On Reboot
Click once on the files below to select it:
C:\WINDOWS\9129837.exe
C:\WINDOWS\System32\__c006EA13.dat
C:\WINDOWS\System32\axks.dll
C:\WINDOWS\System32\tccpip.exe
Click on the Back button to exit Process Manager
Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:
O2 - BHO: (no name) - {59d034cf-2a91-4e72-b9c5-039fde93ddd0} - C:\WINDOWS\system32\drmdex.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ttool] C:\WINDOWS\9129837.exe
O20 - AppInit_DLLs:
O20 - Winlogon Notify: drmdex - drmdex.dll (file missing)
O20 - Winlogon Notify: __c006EA13 - C:\WINDOWS\System32\__c006EA13.dat
O21 - SSODL: rUlkqwytSf - {90A7CCF8-3A0D-6652-CA90-137091E9E94E} - C:\WINDOWS\System32\axks.dll (file missing)
O23 - Service: TCP and UDP Supp0rt - Unknown owner - C:\WINDOWS\System32\tccpip.exe (file missing)
Close ALL windows and browsers except HijackThis and click "Fix checked"
Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)
It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.
Reboot and "copy/paste" a new HijackThis log file into this thread.
Also please describe how your computer behaves at the moment.
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
#9
Posted 05 May 2007 - 06:45 PM
#10
Posted 05 May 2007 - 06:51 PM

The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
#11
Posted 05 May 2007 - 07:38 PM
#12
Posted 05 May 2007 - 07:43 PM
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save
REGEDIT4
[-HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\__c006EA13]
On the desktop, doubleclick fix.reg and allow it to run. Let it merge.
Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:
O20 - Winlogon Notify: __c006EA13 - C:\WINDOWS\System32\__c006EA13.dat (file missing)
Close ALL windows and browsers except HijackThis and click "Fix checked"
Delete these Files if listed:
C:\WINDOWS\System32\__c006EA13.dat
Empty Recycle Bin
Restart your computer.
Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
#13
Posted 05 May 2007 - 08:09 PM
#14
Posted 06 May 2007 - 06:46 AM
You can remove any programs I had you install. Use Add/Remove Programs to remove if listed there otherwise just delete them and empty recycle bin.
Log looks good

You need to create a new Clean restore point.
Note: This will remove all previous Restore Points
Turn off System Restore:
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer, turn it back on.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the Check Turn off System Restore.
Click Apply, and then click OK.
Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.
If you dont have any programs like these, I would recommend that you get them.
Spywareblaster,
Spywareguard.
Also get a FREE FIREWALL and FREE ANTI VIRUS if you need one.
Only run one Anti-Virus and Firewall program.
It is critical to have both a firewall and anti virus to protect your system.
Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on. Both are available below.
Do not use Ad-aware if you have McAfee's VirusScan and AntiSpyware
Safe Surfing.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
#15
Posted 07 May 2007 - 05:34 PM
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Coyote's Installed programs for prevention:
http://forums.tomcoy...showtopic=31418
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users