Andro1d

Trusted Helpers
  • Content Count: 737

Everything posted by Andro1d

  1. Hello and Welcome to BT. I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today. Sorry for the delay, we have been quite busy around here. I see that you are using an outdated version of HijackThis, so the first thing we need to tackle is to get you updated to the newest version of HijackThis. Please download the current version of HijackThis from here. Please be sure to save it to a permanent directory, such as C:\HJT. Delete the old version of HijackThis afterwards. Please post a new HJT log with the version you just downloaded.
  2. Hi, Step 1 Download ComboFix from Here or Here to your Desktop. Double click combofix.exe and follow the prompts. When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply. Note: Do not mouseclick combofix's window while it's running. That may cause it to stall. Step 2 Download GMER from here: http://www.gmer.net/files.php Unzip it to the desktop. Open the program and click on the Rootkit tab. Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’. Click on Scan. When the scan has run click Copy and paste the results (if a
  3. Whoops, my bad uspoor. I gave you a link that would expire. Please click the white Make a Donation button in the bottom of my signature for the correct link. Thanks ahead of time!
  4. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
  5. Nice job, your log looks clean! How is it running? Please use the following suggestion to help prevent reinfection. Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected) Now we need to make a new System Restore Point for your PC, please do the following Click Start, Settings, Control Panel Double-click the System icon Click the Performa
  6. Good to hear. Are you still receiving any problems, and how is everything running?
  7. Glad I was of service! Yes, you can directly donate to me to help me continue in the fight against malware. Donate Here
  8. Hello again, Step 1 I see you have Kazaa Lite K++ v2.4.3 installed on your system. While the program itself is legal, most of the files downloaded with it are not. Also, quite often the files can be infected with viruses, malware, and other undesirable applications. I highly recommend uninstalling Kazaa Lite K++ v2.4.3 via Add or Remove Programs, but this program is optional for you if you choose to keep it. See HERE for details on P2P file sharing programs. Step 2 Since you already have AVG Anti Spyware installed, please do the following. On the main screen select the icon "Update"
  9. Hi again, 1. Close all windows so that you have nothing open and you are at your Desktop. 2. Click on Start, then click on Run. 3. In the Open: field copy and paste the entire contents inside the CODE box below and press the OK button. "%userprofile%\Desktop\dss.exe" /config This will open up DSS configuration. 4. Click on Check All. 5. Click Scan. DSS will now run again. 6. When finished, please post back both logs that open in Notepad: main.txt and extra.txt.
  10. Hello and Welcome to BT. I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today. Also do not bump your topics, as it looks like someone is already helping you. We look for topics with 0 replies. Step 1 Download Deckard's System Scanner (DSS) to your Desktop. Close all applications and windows. Double-click on DSS.exe to run it, and follow the prompts. When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply. Extra Note: When running
  11. Nice job, your log looks clean! How is it running? Please use the following suggestion to help prevent reinfection. Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected) Now we need to make a new System Restore Point for your PC, please do the following Click Start, Settings, Control Panel Double-click the System icon Click the Performa
  12. Hello again, Please download Dial-a-fix from HERE and unzip it to your desktop. Double click the Dial-a-fix.exe. Place a check next to Explorer/IE/OE/shell/WMP DLLs. Then hit GO. Once the program finishes you may exit out of it. Now let me know if you can download files.
  13. Let's try a different scanner. Let's run an F-Secure online scan for Viruses, Spyware and RootKits: Go to http://support.f-secure.com/enu/home/ols.shtml Scroll to the bottom of the page and click the Start scanning button. A window will pop up. Allow the Active X control to be installed on your computer, then click the Accept button Click Full System Scan and allow the components to download and the scan to complete. If malware is found, check Submit samples to F-Secure then select Automatic cleaning When cleaning has finished, click Show report (this will open an Internet Explorer window cont
  14. Hello again. I see you have BitComet 0.66 & BitTornado 0.3.7 installed on your system. While the programs themselves are legal, most of the files downloaded with them are not. Also, quite often the files can be infected with viruses, malware, and other undesirable applications. I highly recommend uninstalling BitComet 0.66 & BitTornado 0.3.7 via Add or Remove Programs, but these programs are optional for you if you choose to keep them. See HERE for details on P2P file sharing programs. Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to in
  15. Hello, Please go HERE to run Panda's ActiveScan Once you are on the Panda site click the Scan your PC button A new window will open...click the Check Now button Enter your Country Enter your State/Province Enter your e-mail address and click send Select either Home User or Company Click the big Scan Now button If it wants to install an ActiveX component allow it It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) When download is complete, click on My Computer to start the scan When the scan completes, if anything malicious is detected, click th
  16. Hi again, Please go HERE to run Panda's TotalScan Select the bubble for Full scan It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) Then the scan will begin When the scan completes, click the Save button on the right of Scan details Save it to a convenient location. Post the contents of the TotalScan report
  17. Nice job, your log looks clean! How is it running? Please use the following suggestion to help prevent reinfection. Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected) Now we need to make a new System Restore Point for your PC, please do the following Click Start, Settings, Control Panel Double-click the System icon Click the Performa
  18. Hello again, Step 1 Please download ATF Cleaner by Atribune. On Windows Vista, "Windows Temp" is disabled. To empty "Windows Temp", ATF-Cleaner must be "Run as an Administrator". Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If y
  19. Hi uspoor, Sorry for not making this more clear, please make a folder in your C:\ drive named HJT and put the HiJackThis.exe in there. Step 1 Jotti File Submission: Please go to Jotti's malware scan Copy and paste the following file path into the "File to upload & scan" box on the top of the page: C:\WINDOWS\system32\r_server.exe Click on the submit button Please post the results of the scan in your next reply. If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/ Step 2 Download Deckard's System Scanner (DSS) to your Desktop. Close all applications and windows. Double
  20. Hey, Step 1 Jotti File Submission: Please go to Jotti's malware scan Copy and paste the following file path into the "File to upload & scan" box on the top of the page: C:\WINDOWS\system32\7881C6E694.sys Click on the submit button Please also submit this file C:\WINDOWS\system32\6A779F9613.sys Please post the results of the scan in your next reply. If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/ Step 2 Open notepad and copy/paste the text in the quotebox below into it: Save this as CFScript.txt Then drag the CFScript.txt into ComboFix.exe as you see in the scree
  21. Hello again, I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following: 1) Run Spybot-S&D 2) Go to the Mode menu, and make sure "Advanced Mode" is selected 3) On the left hand side, choose Tools -> Resident 4) Uncheck "Resident TeaTimer" and OK any prompts You can reenable TeaTimer once your system is clean. Please re-open HijackThis and scan. Check the boxes next to all the entries listed below. R0 - HKCU\Software\Microsoft\Int
  22. Hello, No need to re-run Dr Web. Here are some simpler instructions for del domains. RIGHT-CLICK HERE and Save As (in IE it's "Save Target As") in order to download DelDomains.inf to your desktop. To use: RIGHT-CLICK DelDomains.inf and select: Install (no need to restart) Note: This will remove all entries in the "Trusted Zone" and "Ranges" also. I also wanna see a new ComboFix log for something specific. Download ComboFix from Here or Here to your Desktop. Double click combofix.exe and follow the prompts. When finished, it shall produce a log for you. Post that log and a HijackThis log in y
  23. Hello and Welcome to BT. I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today. Sorry for the delay! Step 1 Download ComboFix from Here or Here to your Desktop. Double click combofix.exe and follow the prompts. When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply. Note: Do not mouseclick combofix's window while it's running. That may cause it to stall. Step 2 Download Deckard's System Scanner (DSS) to your Desktop. Close all applications and windows. Double-click on DSS.exe to run it, and follow the prompts. When it has