very annoying adware

[CBMatt]

Have you scanned with SUPERAntiSpyware yet?  If so, I'm interested in a log.

Blacklight found the following files...
C:\windows\system32\lphecjfnlq.exe
c:\WINDOWS\system32\lphecjfnlq.dat
c:\WINDOWS\system32\lphecjfnlq_nav.dat
c:\WINDOWS\system32\lphecjfnlq_navps.dat

Go ahead and let Blacklight clean those, the please post a new log along with a new HijackThis log.

[billh5773]

Sorry about the delay. Sunday is taken up with sermons etc. I have the logs and have attached the SAS to this note.

[cleaning up - attachment deleted by admin]

[billh5773]

here is the Hijack this log

[cleaning up - attachment deleted by admin]

[CBMatt]

Looks clean to me.

What about Blacklight?  Does it still pick up anything?
What's the status of your computer?  Are you still getting popups?

[billh5773]

CBMatt

I have cleaned Blacklight and it has not picked up anything since. So far, God willing, no pop-ups. I will run HJT again and send you the latest log.

Bill

[billh5773]

Dear CBMatt
here is the latest HJT log. I hope you can make sense of it!

[cleaning up - attachment deleted by admin]

[CBMatt]

Well, it was looking clean, but you appear to still be infected.  We're going to have to go over a few steps again.

First, I would like for you to download AVG Free, install it, and update it to the latest definitions.

Then I would like for you to get a firewall.  I usually wait to until after cleaning a log to suggest this, but I think you need it.  You're vulnerable without a firewall, so you should look into getting either ZoneAlarm, Kerio Personal Firewall, or Comodo.  They're all good free firewalls.  Just be sure you only have one installed at a time!  Download the firewall of your choice, disconnect from the internet, disable Windows Firewall, and install your new firewall.



Once you have done all of that, do the following...
1. Download VundoFix and save it to your desktop.
2. Run VundoFix and click on Scan For Vundo.
3. Once it's done scanning, click on Remove Vundo.
4. When it prompts you to remove the files, click on Yes.
5. Your desktop will go blank as it's removing files.  Don't worry, this is normal.
6. It will prompt you to restart your computer, so click OK.
7. When your computer is turned back on, your problem should be gone.
8. The program normally produces a Vundofix.txt file.  Please locate this file and paste the contents in your next post.

And then, just to be thorough...
1. Download VirtumundoBeGone and save it to your desktop.
2. Reboot into Safe Mode.
3. Once you are in Safe Mode, run VirtumundoBeGone and follow the instructions.
4. Exit when it has finished and follow my next steps...



I recommend that you print out this post or save it to a Notepad file.  Open HijackThis and scan again.  Check the following entries, but don't do anything to them yet...

O4 - HKLM\..\Run: [lphecjfnlq] c:\windows\system32\lphecjfnlq.exe lphecjfnlq

O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\linkprd.exe /res

O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://us2-scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7ADF3C66-6A7D-4572-A587-EC5B831D01B3}: NameServer = 205.188.146.145

Now, close all windows (including this one) besides HijackThis, then click Fix Checked.  Close HijackThis and  enable hidden files and folders.

Navigate to and delete the following file(s) if present...

c:\windows\system32\lphecjfnlq.exe
C:\WINDOWS\system32\linkprd.exe

Once you've done all of this, perform a full system scan with AVG and then reboot into Normal Mode and post a new HijackThis log so we can see if there's any other junk we need to clean up.  Let me know how everything's running now and if you had any problems following my steps.

[billh5773]

CBMatt
Thank you so much. Your instructions were as clear as day. I havd no problems following them, it just took a little time. I have attached a log and have no pop-up activity to report from the last 2 days. It seems as if you have worked a miracle!
Could I ask you one more small favour? Do you have any tips on how to get this machine to run any faster?my dog runs quicker than this and she's 11 years old.
many thanks
Bill

[cleaning up - attachment deleted by admin]

[CBMatt]

Congratulations, I see a clean log!  That was one tough cookie!  Heh.  Not only do you appear to be clean, but you now also have satisfactory protection software.  Just make sure you keep everything updated and perform routine scans in Safe Mode.

As for your speed...you could try going to Start > Run > msconfig.  Click on the Startup tab and uncheck any programs that you don't need to have running when you start your computer (chat clients, for example).  This may help improve things a bit.  How long have you been having speed issues?  Is this a long-time thing or is it more recent?




As a precaution, I would recommend cleaning out your System Restore files.  This is to remove any infected files that have been backed up by Windows.  Please follow these steps...

1.  Go to Start > Programs > Accessories > System Tools > System Restore
2.  Click on System Restore Settings.
3.  Check Turn off System Restore and click OK.
4.  Restart your computer.
5.  Follow steps 1 and 2 to return to the settings, uncheck Turn off System Restore, and click OK.
6.  Create a new restore point and close the program.

System Restore will now be active again.  If you would like to learn more about System Restore, go here.

To learn more about how you may have been infected and for even more prevention tips, read Tony Klein's protection article.  Be sure to update us on your computer's performance and remember to practice safe surfing.  Come back if you have any questions or concerns.

[billh5773]

The speed thing has been coming for a while. my main problem now seems to be with the printer, a hp 3650 plug and play. It will plug but not play. Apart from that it's quite liveable thank you.
Bill

[Jonas Wauters]

Sorry Chris I hope that you don't mind that I Interrupt.
Is it a new printer?
Did there came any software along with the printer?
Did you already try to Dload a Hp deskjet 3650 Driver?
For the speeding issue what are your specs?

Jonas

[billh5773]

Its not a new printer. I can't find the software. I have already downloaded a driver from HP. It doesn't seem to load documents and is running from a local port named USB. I think that may be what is wrong.
As for specs, the only ones I know are on my face! Sorry but you really are talking to a Luddite here.
many thanks
Bill

[Jonas Wauters]

Did you try to install the driver?
What do you mean with I can't find the software?
Do you mean you lost it or there wasn't one in the first place?
With the specs I mean like the RAM, Processor,... of you computer like you can see mine at the bottom of every post.

Jonas

[CBMatt]

It might not be the best suggestion, but you may want to consider simply replacing your printer.  I think it would be less of a hassle.  And these days, certain stores sometimes sell printers for less than the price of an ink cartridge.  This wass the case at Rite-Aid in my area for awhile; not only was the printer cheaper than the ink, it even came with two free ink cartridges.

[billh5773]

Hello Chris.
Please bear with me. I cannot find the disc that came with the printer,so my wife would say I probably lost it. probably true.
As for specs, I have an AMD Sempron processor, a 40 gig hard drive and I think 512 memory. My grandchildren told me all this. I hope it means more to you than to me.