[Fixed] Hijackthis! Logs - [Pending] PC infected with Alcra Worm (posted in the Security & Safety forums)

#15, 02-22-2007, antoinejones (Gold Member)

OK, here's the new scan with hidden files and folders on, and also the new hjt log
Attached Files
File Type: log hijackthis.log (16.1 KB, 2 views)
File Type: txt Activescan.txt (13.7 KB, 2 views)


#16, 02-22-2007, valis (Senior Security Analyst)

First, download http://www.downloads.subratam.org/KillBox.zip or http://www.thespykiller.co.uk/files/killbox.exe. Save it to your desktop; we will use it shortly.

Next, reboot into safe mode. To learn how to do that, go to Getting into Windows Safe Mode. Next, please right-click on the start button > explore. Click on Tools, Folder Options, and then View. Make sure that there is a tick next to Display contents of System Folders, Show Hidden Files and Folders is selected, and Hide known file extensions is not selected. Now close Explorer.

Now, run HJT again, click 'do system scan only', and place a check next to the following:

O2 - BHO: Lefty - {8606F990-FD48-4428-B8C3-E8C78BC7B8BB} - C:\WINDOWS\system32\nsc69.dll
O2 - BHO: HTML Exploits Prevent - {245463AB-6F21-456A-9EB4-FAB802DB8062} - C:\WINDOWS\system32\nsx54.dll
O4 - HKLM\..\Run: [MbarInstall] C:\WINDOWS\mirar_distro_876260.exe
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe

******************************************
Go to start > control panel > Add remove programs - remove all occurrences of Viewpoint.
******************************************

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\mirar_distro_876260.exe
C:\WINDOWS\system32\nsx54.dll
C:\WINDOWS\system32\nsc69.dll

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

******************************************

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new hijack log from normal NOT safe mode


******************************************

reboot into normal mode, and post a new hjt log please.

Thanks,

v


__________________
M.C.S.A.
M.C.P - MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall

#17, 02-22-2007, antoinejones (Gold Member)

O2 - BHO: Lefty - {8606F990-FD48-4428-B8C3-E8C78BC7B8BB} - C:\WINDOWS\system32\nsc69.dll
O2 - BHO: HTML Exploits Prevent - {245463AB-6F21-456A-9EB4-FAB802DB8062} - C:\WINDOWS\system32\nsx54.dll

weren't in the HJT log when I ran it in both safe and normal mode. As for the other 2, I checked next to them then clicked on fix selected... As for Killbox,

C:\WINDOWS\system32\nsx54.dll
C:\WINDOWS\system32\nsc69.dll

didn't exist, but I got the other one. Lastly, there was no c:/winnt folder, but I did get c:/windows/temp, and here's the new HJT log (from normal mode)
Attached Files
File Type: log hijackthis.log (15.3 KB, 1 views)


#18, 02-22-2007, valis (Senior Security Analyst)

looking better.....run hjt again, place a check by

O20 - AppInit_DLLs:

and click fix checked.

How's the machine running now?

Also post a new hjt log, and I may have you run another app here shortly.....


__________________
M.C.S.A.
M.C.P - MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall

#19, 02-22-2007, antoinejones (Gold Member)

I got this error when I tried to fix that last file you just posted:

An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: )
Error #5 - Invalid procedure call or argument
Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible
Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1
This message has been copied to your clipboard.
Click OK to continue the rest of the scan.



but it seems to have been fixed, as it's not there anymore... Also, the PC seems to be running fine; it looks as if that Alcra problem is gone... Here's the new hjt log
Attached Files
File Type: log hijackthis.log (15.5 KB, 1 views)
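
Added example, not part of any post in this thread: a Python sketch that parses HijackThis entries of the kinds quoted above (O2, O4, O16, O20) and reports which flagged entries still appear in a follow-up log, the comparison the posters are doing by eye. The follow-up excerpt, its `ExampleUpdater` entry and all function names are constructed for illustration.

```python
import re

# Entries the helper flagged in post #16 (copied from the thread).
FLAGGED = r"""
O2 - BHO: Lefty - {8606F990-FD48-4428-B8C3-E8C78BC7B8BB} - C:\WINDOWS\system32\nsc69.dll
O2 - BHO: HTML Exploits Prevent - {245463AB-6F21-456A-9EB4-FAB802DB8062} - C:\WINDOWS\system32\nsx54.dll
O4 - HKLM\..\Run: [MbarInstall] C:\WINDOWS\mirar_distro_876260.exe
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
"""

# Constructed follow-up excerpt for illustration (NOT the attached hijackthis.log).
NEW_LOG = r"""
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O20 - AppInit_DLLs:
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - ([^:]+):\s*(.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_line(line):
    """Split one entry into section, kind, CLSID and target; None for other lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    clsid = CLSID.search(rest)
    if " - " in rest:                       # "name - {clsid} - target"
        target = rest.rsplit(" - ", 1)[-1]
    else:                                   # "[value name] target" or bare target
        target = re.sub(r"^\[[^\]]*\]\s*", "", rest)
    return {"section": section, "kind": kind.strip(), "target": target.strip(),
            "clsid": clsid.group(0).upper() if clsid else None}

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def entry_key(e):
    # Match on CLSID when there is one, otherwise on the case-folded target path.
    return (e["section"], e["clsid"] or e["target"].lower())

def still_present(flagged_text, new_log_text):
    """Flagged entries that still show up in the follow-up log."""
    seen = {entry_key(e) for e in parse_log(new_log_text)}
    return [e for e in parse_log(flagged_text) if entry_key(e) in seen]

def empty_value_entries(log_text):
    """Entries with nothing after the colon, e.g. the bare 'O20 - AppInit_DLLs:'."""
    return [e for e in parse_log(log_text) if not e["target"]]
```

`still_present(FLAGGED, NEW_LOG)` returns only the O16 entry for the constructed excerpt, and `empty_value_entries(NEW_LOG)` picks out the value-less O20 line, the same entry named in the error message quoted in post #19.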


#20, 02-23-2007, valis (Senior Security Analyst)

good.....glad it's running better. I want you to run another online scan and give me the report, but I think we are very close to being done. Please go to Trend Micro - Free online virus Scan and run housecall. Let it fix everything that it finds, and allow it to run a second time. If it gives you the option of saving a log, please do so, as I really want to see it. I think we are on the final leg.

thanks,

v




#21, 02-25-2007, antoinejones (Gold Member)

OK, just scanned with trendmicro.. never was able to get a log though.. first scan turned up with a lot of stuff, which I had it fix/clean or delete; second scan turned up clean


