therock247uk
-
Content Count
960 -
Joined
-
Last visited
Content Type
Profiles
Forums
Calendar
Posts posted by therock247uk
-
-
1. Open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.
O4 - HKLM\..\Run: [084c0f6g.dll] RUNDLL32.EXE 084c0f6g.dll,b 25956375
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
2. Then post a new Hijackthis log here in a reply.
-
The hijackthis log is not clean.
-
Please download ewido anti-malware it is a trial version of the program.
- Install ewido anti-malware
- When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
- Launch ewido, there should be an icon on your desktop double-click it.
- The program will now go to the main screen
You will need to update ewido to the latest definition files.
- On the left hand side of the main screen click update
- Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.
Open Ewido again
- Click on scanner
- Click on Complete System Scan and the scan will begin.
- While the scan is in progress you will be prompted to clean files, click OK
- When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
- Once the scan has completed, there will be a button located on the bottom of the screen named Save report
- Click Save report.
- Save the report .txt file to your desktop.
Now close ewido anti-malware.
Reboot and Post the report Ewido made and a new Hijackthis log here in a reply.
- Install ewido anti-malware
-
Your log is clean
Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:
- Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
- Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
- How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
- How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
- IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
- MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
- Google Toolbar <= Get the free google toolbar to help stop pop up windows.
I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.
- Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
-
Post a new Hijackthis log here in a reply.
-
browseui.dll browselc.dll and browser.dll are all legit dll files.
-
The file browsela.dll should of been deleted by the tool I had you run earlyer see if you can delete it c:\windows\system32\browsela.dll
-
Marcus aka Sonny Soprano quit posting replies to Hijackthis logs. Please.
-
1. Make sure your PC is set to show all hidden files and folders go here for instructions on how to do this. http://pchowtos.co.uk/index.php?page=tutor...tion=view&id=34
2. Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.
3. While in safemode open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.
O4 - HKLM\..\Run: [batSrv] C:\WINDOWS\batserv2.exe
4. Delete the files. (if present)
C:\WINDOWS\batserv2.exe
5. Reboot and post a new Hijackthis log here in a reply.
-
Please download ewido anti-malware it is a trial version of the program.
- Install ewido security suite
- When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
- Launch ewido, there should be an icon on your desktop double-click it.
- The program will now go to the main screen
You will need to update ewido to the latest definition files.
- On the left hand side of the main screen click update
- Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
Download CWShredder here to its own folder.
Download about:buster by RubbeRDuckY Here.
Update CWShredder
* Open CWShredder and click I AGREE
* Click Check For Update
* Close CWShredder
Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.
Open Ewido again
- Click on scanner
- Click on Complete System Scan and the scan will begin.
- While the scan is in progress you will be prompted to clean files, click OK
- When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
- Once the scan has completed, there will be a button located on the bottom of the screen named Save report
- Click Save report.
- Save the report .txt file to your desktop.
Now close ewido anti-malware.
Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.
Please run about:buster by RubbeRDuckY:
- Click Begin Removal.
- Click Yes to allow it to shutdown explorer.exe.
- It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
- When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
- Reboot your computer into safe mode again
Run about:buster again following the same instructions as above, this time without the restart at the end
Download http://osc.geekstogo.com/cwsserviceremove.reg run it it will ask to merge into the registery say yes.
Post the about:buster log, CWShredder results, Ewido restults and a New Hijackthis log here in a reply.
- Install ewido security suite
-
Download win32delfkil.exe.
Save it on your desktop.
Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil.
Close all windows, open the win32delfkil folder and double click on fix.bat.
The computer will reboot automatically.
Post the contents of the logfile c\windelf.txt, along with a new hijackhislog.
Because of the "browsela" key, you need to shut down the computer. Don't do this in the normal way by using start - shut down, but use the power button.
-
Your log is clean
Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:
- Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
- Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
- How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
- How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
- IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
- MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
- Google Toolbar <= Get the free google toolbar to help stop pop up windows.
I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.
- Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
-
1. Make sure your PC is set to show all hidden files and folders go here for instructions on how to do this. http://pchowtos.co.uk/index.php?page=tutor...tion=view&id=34
2. Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.
3. While in safemode open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R3 - URLSearchHook: (no name) - {7D95A55D-13CF-116C-ED13-6B2315B9C6EC} - C:\WINDOWS\System32\opowii.dll
O2 - BHO: (no name) - {7D95A55D-13CF-116C-ED13-6B2315B9C6EC} - C:\WINDOWS\System32\opowii.dll
O4 - HKCU\..\Run: [Aoat] "C:\Program Files\itrs\oprs.exe" -vt ndrv
4. Delete the folders. (if present)
C:\Program Files\itrs
5. Delete the files. (if present)
C:\WINDOWS\System32\opowii.dll
6. Reboot and post a new Hijackthis log here in a reply.
-
Welcome back Kat!
-
You put the wrong paths in vundofix. copy and paste them next time.
Please print these instructions out for use in Safe Mode.
Please download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to extract the files
- This will create a VundoFix folder on your desktop.
- After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
- Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
- You will first be presented with a warning.
It should look like thisVundoFix V2.15 by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue.... - At this point press enter one time.
- Next you will see:Please Type in the filepath as instructed by the forum staff
and then press enter: - At this point please type the following file path (make sure to enter it exactly as below!):
- C:\WINDOWS\system32\ddcyx.dll
[*]Press Enter to continue with the fix.
[*] Next you will see:
Please type in the second filepath as instructed by the forumstaff then press enter:
[*]At this point please type the following file path (make sure to enter it exactly as below!):
- C:\WINDOWS\system32\xycdd.*
[*]Press Enter to continue with the fix.
[*]The fix will run then HijackThis will open, if it does not open automatically please open it manually.
[*]In HiJackThis, please place a check next to the following items and click FIX CHECKED:
- O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\ddcyx.dll
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\system32\ddcyx.dll
[*]After you have fixed these items, close Hijackthis.
[*]Press enter to exit the program then manually reboot your computer.
[*]Once your machine reboots please continue with the instructions below.
- C:\WINDOWS\system32\ddcyx.dll
Download and install CleanUp!
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
- Empty Recycle Bins
- Delete Cookies
- Delete Prefetch files
- Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
It may ask you to reboot at the end, click NO.
Then, please run this online virus scan: ActiveScan
Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.
- Double-click VundoFix.exe to extract the files
-
Please print these instructions out for use in Safe Mode.
Please download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to extract the files
- This will create a VundoFix folder on your desktop.
- After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
- Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
- You will first be presented with a warning.
It should look like thisVundoFix V2.15 by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue.... - At this point press enter one time.
- Next you will see:Please Type in the filepath as instructed by the forum staff
and then press enter: - At this point please type the following file path (make sure to enter it exactly as below!):
- C:\WINDOWS\system32\ddcyx.dll
[*]Press Enter to continue with the fix.
[*] Next you will see:
Please type in the second filepath as instructed by the forumstaff then press enter:
[*]At this point please type the following file path (make sure to enter it exactly as below!):
- C:\WINDOWS\system32\xycdd.*
[*]Press Enter to continue with the fix.
[*]The fix will run then HijackThis will open, if it does not open automatically please open it manually.
[*]In HiJackThis, please place a check next to the following items and click FIX CHECKED:
- O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\ddcyx.dll
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\system32\ddcyx.dll
[*]After you have fixed these items, close Hijackthis.
[*]Press enter to exit the program then manually reboot your computer.
[*]Once your machine reboots please continue with the instructions below.
- C:\WINDOWS\system32\ddcyx.dll
Download and install CleanUp!
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
- Empty Recycle Bins
- Delete Cookies
- Delete Prefetch files
- Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
It may ask you to reboot at the end, click NO.
Then, please run this online virus scan: ActiveScan
Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.
- Double-click VundoFix.exe to extract the files
-
Thanks all!
-
Post a new Hijackthis log here in a reply.
-
Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
- Click the Free Trial link under to "SpySweeper" to download the program.
- Install it. Once the program is installed, it will open.
- It will prompt you to update to the latest definitions, click Yes.
- Once the definitions are installed, click Options on the left side.
- Click the Sweep Options tab.
- Under What to Sweep please put a check next to the following:
- Sweep Memory
- Sweep Registry
- Sweep Cookies
- Sweep All User Accounts
- Enable Direct Disk Sweeping
- Sweep Contents of Compressed Files
- Sweep for Rootkits
- Please UNCHECK Do not Sweep System Restore Folder.
[*]Click Sweep Now on the left side.
[*]Click the Start button.
[*]When it's done scanning, click the Next button.
[*]Make sure everything has a check next to it, then click the Next button.
[*]It will remove all of the items found.
[*]Click Session Log in the upper right corner, copy everything in that window.
[*]Click the Summary tab and click Finish.
[*]Paste the contents of the session log you copied into your next reply.
- Click the Free Trial link under to "SpySweeper" to download the program.
-
Please print these instructions out for use in Safe Mode.
Please download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to extract the files
- This will create a VundoFix folder on your desktop.
- After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
- Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
- You will first be presented with a warning.
It should look like thisVundoFix V2.15 by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue.... - At this point press enter one time.
- Next you will see:Please Type in the filepath as instructed by the forum staff
and then press enter: - At this point please type the following file path (make sure to enter it exactly as below!):
- C:\WINNT\system32\awtst.dll
[*]Press Enter to continue with the fix.
[*] Next you will see:
Please type in the second filepath as instructed by the forumstaff then press enter:
[*]At this point please type the following file path (make sure to enter it exactly as below!):
- C:\WINNT\system32\tstwa.*
[*]Press Enter to continue with the fix.
[*]The fix will run then HijackThis will open, if it does not open automatically please open it manually.
[*]In HiJackThis, please place a check next to the following items and click FIX CHECKED:
- R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINNT\system32\awtst.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O20 - Winlogon Notify: awtst - C:\WINNT\system32\awtst.dll
[*]After you have fixed these items, close Hijackthis.
[*]Press enter to exit the program then manually reboot your computer.
[*]Once your machine reboots please continue with the instructions below.
- C:\WINNT\system32\awtst.dll
Download and install CleanUp!
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
- Empty Recycle Bins
- Delete Cookies
- Delete Prefetch files
- Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
It may ask you to reboot at the end, click NO.
Then, please run this online virus scan: ActiveScan
Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.
- Double-click VundoFix.exe to extract the files
-
Happy Birthday Chappy!
-
Good please follow my prevention post i posted earlyer.
Closing and moving topic.
-
Still getting popups about BROWSER HIJACK ALERT - BROWSER PAGE CHANGED?
-
Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.
Open Ewido again
- Click on scanner
- Click on Complete System Scan and the scan will begin.
- While the scan is in progress you will be prompted to clean files, click OK
- When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
- Once the scan has completed, there will be a button located on the bottom of the screen named Save report
- Click Save report.
- Save the report .txt file to your desktop.
Now close ewido security suite.
Reboot and Post the report Ewido made and a new Hijackthis log here in a reply.
- Click on scanner
Hijack Log 1.99
in Malware Removal
Posted
Delete the files. (if present) might either be found in C:\ C:\Windows or C:\Windows\System32
084c0f6g.dll
Delete the folders. (if present)
C:\Program Files\webHancer
Your log is clean
Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:
To protect yourself further:
I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.