rmurphy

Posts posted by rmurphy

  1. Let's see if this picks anything up. If it doesn't, then I'm pretty sure your computer is clean.

    == Clear Temporary Files ==

    Please download ATF Cleaner by Atribune.

    This program is for XP and Windows 2000 only

    • Close all Internet Explorer, Firefox, and Opera windows before continuing.
      Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    If you use Firefox browser

    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.

    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    == Clear System Restore ==

    Let's make a new restore point and clear the others:

    • Go - Start>Programmes>Accessories>System Tools>System Restore>Create a New Restore point.
      Go - Start>Programmes>Accessories>System Tools>Disc Cleanup>"More Options" Tab>Remove All But Most Recent Point. Please do this for each hard drive that you have connected to the computer

    Please reboot your computer before continuing.

    == Kaspersky Web Scanner ==

    Please do an online scan with Kaspersky WebScanner

    You will need to use Internet Explorer to do this

    Click on Accept

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.

    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded, click on NEXT.
    • Now click on Scan Settings.
    • In the scan settings, make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available, otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK.
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, it will display if your system has been infected.
    • Now click on the Save as Text button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    == Request Logs ==

    Please post the log from the Kaspersky scan, along with a new HiJack This log, and let me know how the computer is running.

    -Ryan

  2. Paste the following into Notepad

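    rem List hidden, system, read-only directory entries in the first folder
    cd /d "C:\327882R2FWJFW"
    dir /a:hsrd >> C:\TakeAPeek.txt
    rem Separator lines between the two listings
    echo -- >> C:\TakeAPeek.txt
    echo -- >> C:\TakeAPeek.txt
    rem Same listing for the second folder
    cd /d "C:\Program Files\temp01"
    dir /a:hsrd >> C:\TakeAPeek.txt
    rem Open the collected output for copying into the reply
    notepad C:\TakeAPeek.txt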

    Save the file as "TakeAPeek.bat" (include the quotes), and save it to your desktop.

    Double click on the TakeAPeek.bat file. A black window will flash and then notepad will open with some text in it; paste that text, along with a new HJT log into your next reply.

    -Ryan

  3. Please download VundoFix.exe to your desktop

    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

    -Ryan

  4. == Remove Programs ==

    Please go to Add/Remove Programs in the Control Panel, and remove the following programs

    • J2SE Runtime Environment 5.0 Update 4
      Java™ 6 Update 2

    Reboot your computer.

    == Install Latest Java ==

    Please go to THIS page, and click on the Download link that is in the Java Runtime Environment (JRE) 6 section.

    Click the radio button next to Accept License Agreement after reviewing it. The page will refresh - this is normal.

    Download the Windows Offline Installation, Multi-language. You will want to save this to a location you will remember.

    Once it has finished downloading, double click it, and follow the prompts to install.

    If it asks to reboot, select NO.

    == Clear Temporary Files ==

    Please download ATF Cleaner by Atribune.

    This program is for XP and Windows 2000 only

    • Close all Internet Explorer, Firefox, and Opera windows before continuing.
      Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    If you use Firefox browser

    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.

    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    == Clear System Restore ==

    Let's make a new restore point and clear the others:

    • Go - Start>Programmes>Accessories>System Tools>System Restore>Create a New Restore point.
      Go - Start>Programmes>Accessories>System Tools>Disc Cleanup>"More Options" Tab>Remove All But Most Recent Point. Please do this for each hard drive that you have connected to the computer

    Please reboot your computer before continuing.

    == Kaspersky Web Scanner ==

    Please do an online scan with Kaspersky WebScanner

    You will need to use Internet Explorer to do this

    Click on Accept

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.

    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded, click on NEXT.
    • Now click on Scan Settings.
    • In the scan settings, make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available, otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK.
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, it will display if your system has been infected.
    • Now click on the Save as Text button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    == Request Logs ==

    Please post the log from the Kaspersky scan, along with a new HiJack This log, and let me know how the computer is running.

    -Ryan

  5. Open HiJack This and scan. When it finishes, put an X in the box next to these following item(s)

    O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)

    O2 - BHO: (no name) - {3481A7E2-99BC-4E14-BBAA-2A31FB6832D4} - (no file)

    O2 - BHO: (no name) - {549292CF-70D8-40B3-91B7-C27F307526EE} - (no file)

    O2 - BHO: (no name) - {5DA78D76-AD5D-4A6C-A117-006FACECFD14} - (no file)

    O2 - BHO: (no name) - {6B126F15-3B60-41C6-A2F6-3077E1AB871D} - (no file)

    O2 - BHO: (no name) - {6CBFA490-6A23-4348-8459-324B9C48FBA8} - (no file)

    O2 - BHO: (no name) - {78F8A82E-1169-4A66-BD55-3E1FD8F92FE7} - (no file)

    O2 - BHO: (no name) - {7DBFA940-6856-493F-BF58-5C4AE432DDDB} - (no file)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: (no name) - {81F2D9D1-53A4-4910-9EA6-DB08C47541A3} - (no file)

    O2 - BHO: (no name) - {99543BCE-6B2F-4567-8F84-BDB211A2F0EE} - C:\WINDOWS\system32\sstts.dll (file missing)

    O2 - BHO: (no name) - {ABE4C2EB-B292-48BB-B5DD-75E1A3F8DC39} - (no file)

    O2 - BHO: (no name) - {CE9F413E-7C08-4F12-B62A-D86B1C175F1E} - (no file)

    O2 - BHO: (no name) - {D17557A2-8C4D-4EEE-B0AD-66FA473FD199} - (no file)

    O2 - BHO: (no name) - {D8C8B77C-08E8-47E7-8BE9-04EB1A5BE17F} - (no file)

    O2 - BHO: (no name) - {DC4D8DEC-DD3C-4366-A6EE-729D5107FEC2} - (no file)

    O2 - BHO: (no name) - {FDCA7757-71C1-446B-8F20-BB832B3CB2C9} - (no file)

    O2 - BHO: (no name) - {FE52ECA2-8FC7-4BC0-9175-1736715D3DE8} - (no file)

    O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)

    O20 - Winlogon Notify: hggffge - C:\WINDOWS\

    Close all open windows except for HiJack This and click fix checked.

    Reboot your computer.

    Please rescan with HijackThis and post a fresh log, along with an uninstall list, in this same topic, and let us know how your system's working. :)

    To obtain an Uninstall list.

    • Open HijackThis, click Config, click Misc Tools
      Click "Open Uninstall Manager"
      Click "Save List" (generates uninstall_list.txt)

    -Ryan
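
Added example, not part of Ryan's post and not HijackThis code: a small Python triage helper that parses O-section lines in the format shown in the post above and picks out entries whose file is reported as `(no file)` or `(file missing)`. The regex, the function names and the last two sample lines are assumptions made for this illustration; the first three sample lines are copied from the post.

```python
import re

# Assumed line shape: "<section> - <kind>: <name> - [{CLSID} - ]<target>"
LINE_RE = re.compile(
    r"^(?P<section>O\d+)\s+-\s+(?P<kind>[^:]+):\s+(?P<name>.*?)\s+-\s+"
    r"(?:(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s+-\s+)?(?P<target>.*)$"
)

def parse_line(line):
    """Return a dict for one O-section log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    target = entry["target"].strip()
    if target == "(no file)":
        entry["status"] = "no_file"
    elif target.endswith("(file missing)"):
        # Keep the path the registry still points at, drop the marker.
        entry["status"] = "file_missing"
        target = target[: -len("(file missing)")].strip()
    else:
        entry["status"] = "present"
    entry["target"] = target
    return entry

def orphaned(lines):
    """Entries whose registry key survives but whose file is absent."""
    parsed = (parse_line(line) for line in lines)
    return [e for e in parsed if e and e["status"] != "present"]

SAMPLE = [
    r"O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)",
    r"O2 - BHO: (no name) - {99543BCE-6B2F-4567-8F84-BDB211A2F0EE} - C:\WINDOWS\system32\sstts.dll (file missing)",
    r"O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)",
    # Constructed line: an entry whose file exists, so it is not reported.
    r"O2 - BHO: ExampleHelper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll",
    # Constructed line: non-entry text that the parser must skip.
    "Logfile of HijackThis",
]

if __name__ == "__main__":
    for e in orphaned(SAMPLE):
        print(e["section"], e["kind"], e["clsid"], e["status"], e["target"])
```

Entries reported as `present` are not judged by this helper; they still need review against the file they point to.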

  6. Let's try a different scanner for now.

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.

    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    -Ryan

  7. Welcome to BestTechie! I'm Ryan, and I'll be helping you clean your computer.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

      -----------------------------------------------------------

      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

        -----------------------------------------------------------


    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    -Ryan

  8. Welcome to BestTechie! I'm Ryan, and I'll be helping you clean your computer.

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%

    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :

    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.

    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

    -Ryan

  9. I didn't see anything suspicious in the HiJackThis log, but let's run a couple other scans and make sure nothing's hiding. Here are the instructions for the first scan.

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.

    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    -Ryan

  10. In the Windows Control Panel: if you are using Windows XP's Category View, select the Network and Internet Connections category; otherwise double-click on Network Connections. Then right-click on your default connection, usually Local Area Connection for cable and DSL, and left-click on Properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically.

    Press OK twice to get out of the properties screen and reboot if it asks.

    That option might not be available on some systems.

    Next, go to Start > Run, type cmd and hit OK.

    Type

    ipconfig /flushdns

    then hit Enter, type exit and hit Enter.

    (that space between g and / is needed)

    Please download FixWareout from here:

    http://downloads.subratam.org/Fixwareout.exe

    Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.

    The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.

    Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log

    -Ryan