rmurphy
-
Content Count
353 -
Joined
-
Last visited
Content Type
Profiles
Forums
Calendar
Posts posted by rmurphy
-
-
Sorry nobody has gotten around to your post yet.
If you still need assistance, let me know, and post a new hijack this log.
-Ryan
-
Sorry nobody has gotten around to your post yet.
If you still need assistance, let me know, and post a new hijack this log.
-Ryan
-
Congratulations, your log is clean
For information on how to protect yourself in the future, read Infection Prevention
Do you have any other questions or concerns? This thread will be left open for a few more days, so feel free to ask.
-Ryan
-
How's the computer running?
-Ryan
-
Let's see if this picks anything up. If it doesn't, then I'm pretty sure your computer is clean.
== Clear Temporary Files ==
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
- Close all Internet Explorer, Firefox, and Opera windows before continuing.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
- Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
- Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
== Clear System Restore==
Let's make a new restore point and clear the others:
- Go - Start>Programmes>Accessories>System Tools>System Restore>Create a New Restore point.
Go - Start>Programmes>Accessories>System Tools>Disc Cleanup>"More Options" Tab>Remove All But Most Recent Point. Please do this for each hard drive that you have connected to the computer
Please reboot your computer before continuing.
== Kaspersky Web Scanner ==
Please do an online scan with Kaspersky WebScanner
You will need to use Internet Explorer to do this
Click on Accept
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
- Extended (if available otherwise Standard)
- Scan Options:
- Scan Archives
Scan Mail Bases
[*]Click OK
[*]Now under select a target to scan:
- Select My Computer
[*]This will program will start and scan your system.
[*]The scan will take a while so be patient and let it run.
[*]Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
[*]Save the file to your desktop.
[*]Copy and paste that information in your next post.
- Scan using the following Anti-Virus database:
== Request Logs ==
Please post the log from the Kaspersky scan, along with a new HiJack This log, and let me know how the computer is running.
-Ryan
- Close all Internet Explorer, Firefox, and Opera windows before continuing.
-
How's the computer running?
-Ryan
-
Turn on any service you turned off, then post a HiJack This log from the profile you're having trouble with.
-Ryan
-
Paste the following into Notepad
cd C:\327882R2FWJFW
dir /a:hsrd >> C:\TakeAPeek.txt
echo -- >> C:\TakeAPeek.txt
echo -- >> C:\TakeAPeek.txt
cd C:\Program Files\temp01
dir /a:hsrd >> C:\TakeAPeek.txt
notepad C:\TakeAPeek.txtSave the file as "TakeAPeek.bat" (include the quotes), and save it to your desktop.
Double click on the TakeAPeek.bat file. A black window will flash and then notepad will open with some text in it; paste that text, along with a new HJT log into your next reply.
-Ryan
-
lease download VundoFix.exe to your desktop
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
- Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
-Ryan
- Double-click VundoFix.exe to run it.
-
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
- Close all other windows before proceeding.
- Double-click on dss.exe and follow the prompts.
- When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
-Ryan
- Close all other windows before proceeding.
-
== Remove Programs ==
Please go to Add/Remove Programs in the Control Panel, and remove the following programs
- J2SE Runtime Environment 5.0 Update 4
Java™ 6 Update 2
Reboot your computer.
== Install Latest Java ==
Please go to THIS page, and click on the Download link that is in the Java Runtime Environment (JRE) 6 section.
Click the radio button next to Accept License Agreement after reviewing it. The page will refresh - this is normal.
Download the Windows Offline Installation, Multi-language. You will want to save this to a location you will remember.
Once it has finished downloading, double click it, and follow the prompts to install.
If it asks to reboot, select NO.
== Clear Temporary Files ==
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
- Close all Internet Explorer, Firefox, and Opera windows before continuing.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
- Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
- Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
== Clear System Restore==
Let's make a new restore point and clear the others:
- Go - Start>Programmes>Accessories>System Tools>System Restore>Create a New Restore point.
Go - Start>Programmes>Accessories>System Tools>Disc Cleanup>"More Options" Tab>Remove All But Most Recent Point. Please do this for each hard drive that you have connected to the computer
Please reboot your computer before continuing.
== Kaspersky Web Scanner ==
Please do an online scan with Kaspersky WebScanner
You will need to use Internet Explorer to do this
Click on Accept
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
- Extended (if available otherwise Standard)
- Scan Options:
- Scan Archives
Scan Mail Bases
[*]Click OK
[*]Now under select a target to scan:
- Select My Computer
[*]This will program will start and scan your system.
[*]The scan will take a while so be patient and let it run.
[*]Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
[*]Save the file to your desktop.
[*]Copy and paste that information in your next post.
- Scan using the following Anti-Virus database:
== Request Logs ==
Please post the log from the Kaspersky scan, along with a new HiJack This log, and let me know how the computer is running.
-Ryan
- J2SE Runtime Environment 5.0 Update 4
-
Open HiJack This and scan. When it finishes, put an X in the box next to these following item(s)
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: (no name) - {3481A7E2-99BC-4E14-BBAA-2A31FB6832D4} - (no file)
O2 - BHO: (no name) - {549292CF-70D8-40B3-91B7-C27F307526EE} - (no file)
O2 - BHO: (no name) - {5DA78D76-AD5D-4A6C-A117-006FACECFD14} - (no file)
O2 - BHO: (no name) - {6B126F15-3B60-41C6-A2F6-3077E1AB871D} - (no file)
O2 - BHO: (no name) - {6CBFA490-6A23-4348-8459-324B9C48FBA8} - (no file)
O2 - BHO: (no name) - {78F8A82E-1169-4A66-BD55-3E1FD8F92FE7} - (no file)
O2 - BHO: (no name) - {7DBFA940-6856-493F-BF58-5C4AE432DDDB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {81F2D9D1-53A4-4910-9EA6-DB08C47541A3} - (no file)
O2 - BHO: (no name) - {99543BCE-6B2F-4567-8F84-BDB211A2F0EE} - C:\WINDOWS\system32\sstts.dll (file missing)
O2 - BHO: (no name) - {ABE4C2EB-B292-48BB-B5DD-75E1A3F8DC39} - (no file)
O2 - BHO: (no name) - {CE9F413E-7C08-4F12-B62A-D86B1C175F1E} - (no file)
O2 - BHO: (no name) - {D17557A2-8C4D-4EEE-B0AD-66FA473FD199} - (no file)
O2 - BHO: (no name) - {D8C8B77C-08E8-47E7-8BE9-04EB1A5BE17F} - (no file)
O2 - BHO: (no name) - {DC4D8DEC-DD3C-4366-A6EE-729D5107FEC2} - (no file)
O2 - BHO: (no name) - {FDCA7757-71C1-446B-8F20-BB832B3CB2C9} - (no file)
O2 - BHO: (no name) - {FE52ECA2-8FC7-4BC0-9175-1736715D3DE8} - (no file)
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O20 - Winlogon Notify: hggffge - C:\WINDOWS\
Close all open windows except for HiJack This and click fix checked.
Reboot your computer.
Please rescan with HijackThis and post a fresh log, along with an uninstall list, in this same topic, and let us know how your system's working.
To obtain an Uninstall list.
- Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
-Ryan
- Open HijackThis, click Config, click Misc Tools
-
Please try running combofix now. If it works, post its log and a new HJT log.
If it does not work, please post a new HiJack This log.
-Ryan
-
Let's try a different scanner for now.
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
-Ryan
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
-
Welcome to BestTechie! I'm Ryan, and I'll be helping you clean your computer.
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
[*]Double click on combofix.exe & follow the prompts.
[*]When finished, it will produce a report for you.
[*]Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
-Ryan
- Please, never rename Combofix unless instructed.
-
Welcome to BestTechie! I'm Ryan, and I'll be helping you clean your computer.
Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, the Advanced Options Menu should appear;
- Select the first option, to run Windows in Safe Mode, then press Enter.
- Choose your usual account.
- Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum). - Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
-Ryan
- Restart your computer
-
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
-
How's the computer running?
-Ryan
-
Can you post the log? There might be things that require more attention to completely fix them.
-Ryan
-
I didn't see anything suspicious in the HiJackThis log, but let's run a couple other scans and make sure nothing's hiding. Here are the instructions for the first scan.
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
-Ryan
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
-
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
-
In the windows control panel. If you are using Windows XP's Category View, select the Network and Internet Connections category otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be avaiable one some systems
Next Go start run type cmd and hit OK
type
ipconfig /flushdns
then hit enter, type exit hit enter
(that space between g and / is needed)
Please download FixWareout from here:
http://downloads.subratam.org/Fixwareout.exe
Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log
-Ryan
-
I think we're done so...
Congratulations, your log is clean
For information on how to protect yourself in the future, read Infection Prevention
Do you have any other questions or concerns? This thread will be left open for a few more days, so feel free to ask.
-Ryan
-
That looks good. Please post a new HiJack This log and let me know how the computer is running.
-Ryan
"ad Served By Surfing Software" Etc.[INACTIVE]
in Malware Removal
Posted
Sorry nobody has gotten around to your post yet.
If you still need assistance, let me know, and post a new hijack this log.
-Ryan