View Single Post

**Buzz1927** · 03-29-2006, 11:14 AM

Uninstall Viewpoint Manager.

Run Hijackthis and select "Do a system scan only", place a check by the following entries.

O4 - HKLM\..\Run: [yaemu.exe] D:\WINDOWS\system32\yaemu.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{08E3B69C-95C7-41FC-A43A-CCA2D84A42BC}: NameServer = 85.255.116.148,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E5E52A6-1258-4B1A-91D0-C2AB27F8ABB4}: NameServer = 85.255.116.148,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{97163CA2-2409-4263-B98C-B6369BB91FFF}: NameServer = 85.255.116.148,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3ED65A6-7541-4380-B6E3-FDEFF60809AC}: NameServer = 85.255.116.148,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7F59573-AB64-4FFE-848E-42AC2FBE3D1E}: NameServer = 85.255.116.148,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE583EAF-8825-4FB6-BC4C-BCE034D451B4}: NameServer = 85.255.116.148,85.255.112.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{08E3B69C-95C7-41FC-A43A-CCA2D84A42BC}: NameServer = 85.255.116.148,85.255.112.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{08E3B69C-95C7-41FC-A43A-CCA2D84A42BC}: NameServer = 85.255.116.148,85.255.112.10

Close all open windows and browsers, and hit "Fix Checked".

Delete these files.

D:\WINDOWS\system32\yaemu.exe
C:\Windows\xpupdate.exe

Please download, install, and update the NEW free version of Ewido trojan scanner:

When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
From the main ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
If ewido finds anything, it will pop up a notification. Select "Remove" and "Perform action on all Infections" and "Create encrypted backup".
When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

Then restart the computer and post a new Hijackthis log.

03-29-2006, 11:14 AM	#2 (permalink)
Buzz1927 Digaredd Join Date: May 2005 Location: Melbourne AU Posts: 7,613	Uninstall Viewpoint Manager. Run Hijackthis and select "Do a system scan only", place a check by the following entries. O4 - HKLM\..\Run: [yaemu.exe] D:\WINDOWS\system32\yaemu.exe O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} - O17 - HKLM\System\CCS\Services\Tcpip\..\{08E3B69C-95C7-41FC-A43A-CCA2D84A42BC}: NameServer = 85.255.116.148,85.255.112.10 O17 - HKLM\System\CCS\Services\Tcpip\..\{2E5E52A6-1258-4B1A-91D0-C2AB27F8ABB4}: NameServer = 85.255.116.148,85.255.112.10 O17 - HKLM\System\CCS\Services\Tcpip\..\{97163CA2-2409-4263-B98C-B6369BB91FFF}: NameServer = 85.255.116.148,85.255.112.10 O17 - HKLM\System\CCS\Services\Tcpip\..\{B3ED65A6-7541-4380-B6E3-FDEFF60809AC}: NameServer = 85.255.116.148,85.255.112.10 O17 - HKLM\System\CCS\Services\Tcpip\..\{D7F59573-AB64-4FFE-848E-42AC2FBE3D1E}: NameServer = 85.255.116.148,85.255.112.10 O17 - HKLM\System\CCS\Services\Tcpip\..\{FE583EAF-8825-4FB6-BC4C-BCE034D451B4}: NameServer = 85.255.116.148,85.255.112.10 O17 - HKLM\System\CS1\Services\Tcpip\..\{08E3B69C-95C7-41FC-A43A-CCA2D84A42BC}: NameServer = 85.255.116.148,85.255.112.10 O17 - HKLM\System\CS2\Services\Tcpip\..\{08E3B69C-95C7-41FC-A43A-CCA2D84A42BC}: NameServer = 85.255.116.148,85.255.112.10 Close all open windows and browsers, and hit "Fix Checked". Delete these files. D:\WINDOWS\system32\yaemu.exe C:\Windows\xpupdate.exe Please download, install, and update the NEW free version of Ewido trojan scanner: When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu". When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment. From the main ewido screen, click on update in the left menu, then click the Start update button. After the update finishes (the status bar at the bottom will display "Update successful") Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run. If ewido finds anything, it will pop up a notification. Select "Remove" and "Perform action on all Infections" and "Create encrypted backup". When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again. Then restart the computer and post a new Hijackthis log. __________________ Son of Glyndwr Mae hen wlad fy nhadau yn annwyl i mi