Posts posted by therock247uk
-
-
1. Please move Hijackthis to a permanent folder like c:/hjt so backups can be made. Ok open Hijackthis from c:/hjt and press scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.okretcctutoyskfgmgvdxacg.com/RQ...K_B7tVIw_nm.jsp
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.bppormeyqbspdsuqo.com/TNA8OBalZldFQy97ySXF5ptsL91FyjrdKQMNn/AUAzk.html"); (C:\Documents and Settings\Ayn-Marie\Application Data\Mozilla\Profiles\default\e8p6egms.slt\prefs.js)
2. Reboot and post a new Hijackthis log here in a reply.
-
1. Move Hijackthis to a permanent folder like c:/hjt so backups can be made. Open Hijackthis from c:/hjt and press scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ybhnjjvtuxiajsk.info/RQNj/2hUQm..._B7tVIw_nm.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.jfnpecvzmihzck.com/RQNj/2hUQmRc...a_B7tVIw_nm.htm
O2 - BHO: (no name) - {19D93A19-C737-13F3-BD1E-855D7C1967F3} - C:\PROGRA~1\EQFLAG~1\meta test.exe (file missing)
O2 - BHO: (no name) - {421ACFBF-5AE9-17AB-EB27-9EBBB8CCFF3F} - C:\DOCUME~1\AYN-MA~1\APPLIC~1\EQFLAG~1\meta test.exe
O4 - HKLM\..\Run: [burn bird barb trans] C:\Documents and Settings\All Users\Application Data\tonsbatburnbird\balmhole.exe
O4 - HKLM\..\Run: [thunk soap blah multi] C:\Documents and Settings\All Users\Application Data\win about thunk soap\PLAYMULTI.exe
O4 - HKCU\..\Run: [hidesize] C:\DOCUME~1\AYN-MA~1\APPLIC~1\ADMINS~1\pure peak.exe
2. Reboot and delete the folders.
C:\Program Files\EQFLAG~1\ < Folder starts with EQFLAG
C:\Documents and Settings\AYN-MA~1\Application Data\EQFLAG~1\ < Folder starts with EQFLAG
C:\Documents and Settings\All Users\Application Data\tonsbatburnbird\
C:\Documents and Settings\All Users\Application Data\win about thunk soap\
C:\Documents and Settings\AYN-MA~1\Application Data\ADMINS~1\ < Folder starts with ADMINS
3. Then post a new Hijackthis log here in a reply.
-
Should I run the Hijackthis on a regular basis to keep this clean and good?
Do you mean tick and fix everything in Hijackthis?
-
Ok well you're clean, a bit too clean.
Go here for information on how to prevent reinfection. http://forums.net-integration.net/index.php?showtopic=3051
-
Can you please post the full log? That looks very very small to me.
-
1. Move Hijackthis to a permanent folder like c:/hjt so backups can be made. Ok open Hijackthis from c:/hjt and press scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - (no file)
O4 - HKLM\..\Run: [enss] C:\WINDOWS\System32\enss.exe
O4 - HKLM\..\Run: [QBRSR] C:\WINDOWS\QuickBrowser.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"
O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\sysdoor.exe
O4 - HKCU\..\Run: [\Pribi.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe
O4 - HKCU\..\Run: [jgsd400] C:\WINDOWS\System32\jgsd400.exe
O4 - HKCU\..\Run: [ipmontr] C:\WINDOWS\System32\ipmontr.exe
O4 - HKCU\..\Run: [ipxpromn] C:\WINDOWS\System32\ipxpromn.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
2. Reboot and delete the following files.
C:\WINDOWS\System32\enss.exe
C:\WINDOWS\QuickBrowser.exe
C:\WINDOWS\System32\sysdoor.exe
C:\WINDOWS\System32\jgsd400.exe
C:\WINDOWS\System32\ipmontr.exe
C:\WINDOWS\System32\ipxpromn.exe
3. Delete the folders.
C:\Documents and Setting\AllUsers\Application data\Pribi\
C:\Program Files\Ebates_MoeMoneyMaker\
4. Go to Start, Settings, Control Panel, Add/Remove and uninstall Viewpoint Manager.
5. Then post a new Hijackthis log here in a reply.
-
1. Ok first download Adaware from http://lavasoft.element5.com/support/download/#free Install it, then open it and press check for updates. Don't scan with it yet, we will do that later.
2. Download Cwsshredder from http://www.spywareinfo.com/~merijn/files/cwshredder.zip Unzip it, don't run it yet.
3. Boot into safemode. Go here for instructions on how to: http://service1.symantec.com/SUPPORT/tsgen...001052409420406
4. While in safemode open Adaware.
Click Start
Select Perform Full System Scan and hit Next to let Ad-Aware scan your drives.
It will list malware files and registry keys. Click Next.
Under the Critical Objects tab, rightclick in the list, choose Select All, then Next.
It will ask for verification of checked items. Choose OK.
Close Ad-Aware
5. Run Cwsshredder which you downloaded earlier and press fix.
6. Reboot back into Windows and run an online virus scan http://housecall.antivirus.com/ Make sure the auto clean option is on.
7. Then reboot again and post a new Hijackthis log here in a reply.
-
-
Ok please follow these instructions carefully.
1. Go to Start, Settings, Control Panel, Add/Remove programs and uninstall the following items
New.Net
Webhancer
2. Then reboot and post a new Hijackthis log here in a reply.
-
Great, your Hijackthis log file is clean.
Go here for information on how to prevent reinfection http://forums.net-integration.net/index.php?showtopic=3051
-
1. Ok open Hijackthis click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...5be907d85a1c422
You can also fix this one as people report it sends information about your computer to them. But it is up to you.
O4 - Startup: PowerReg Scheduler V3.exe
2. Download Lspfix from http://www.cexx.org/LSPFix.exe Open it and checkmark the "I know what I'm doing" button. Then move osmim.dll to the remove panel and click finish.
3. Then reboot and post a new Hijackthis log here in a reply.
-
1. Ok Open Hijackthis and click scan. Then tick and fix the following in hijackthis with all windows closed except Hijackthis.
O2 - BHO: ngpw34.clsIS - {2D7CB618-CC1C-4126-A7E3-F5B12D3BCF71} - c:\windows\ngpw34.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: ngsw31.clsIS - {E9147A0A-A866-4214-B47C-DA821891240F} - c:\windows\ngsw31.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...5be907d85a1c422
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/07209a20e22212...ip/RdxIE601.cab
2. Download Lspfix from http://www.cexx.org/LSPFix.exe Open it and checkmark the "I know what I'm doing" button. Then move osmim.dll to the remove panel and click finish.
3. Reboot and delete the files.
c:\windows\ngsw31.dll
4. Then post a new Hijackthis log here in a reply.
-
Ok because you cannot run both Adaware and housecall we are going to do this.
1. Make sure you have show hidden files on. Go here for instructions: http://www.xtra.co.nz/help/0,,4155-1916458,00.html Boot into safemode. If you don't know how, go here for instructions: http://service1.symantec.com/SUPPORT/tsgen...001052409420406
2. While in safemode. Open Hijackthis and click scan. Then tick and fix the following in hijackthis with all windows closed except Hijackthis leaving hijackthis the only program open.
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://super-spider.com/sp.htm?id=80
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=80
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINNT\System32\RXLNFU~1.DLL
O4 - HKLM\..\Run: [gggvrepb] C:\WINNT\System32\swxkqg.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll
O4 - HKCU\..\RunServices: [image] rundll32 C:\WINNT\d3wz.dll,Install
O4 - Global Startup: winlogin.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\kxqwxepb.exe
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4...006_regular.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O20 - AppInit_DLLs: vz29kvl7s1zl0.dll
3. Go to Start, Control Panel, Add/Remove and uninstall Wintools if it is there.
4. Delete the folders.
C:\Program Files\Submit\
C:\Program Files\Common Files\WinTools\
C:\Program Files\SideFind\
5. Delete the files.
C:\WINNT\System32\swxkqg.exe
image.dll < Might be in C:\WINNT\ or C:\WINNT\System32
vz29kvl7s1zl0.dll < Might be in C:\WINNT\ or C:\WINNT\System32
C:\Program Files\Internet Explorer\kxqwxepb.exe
C:\WINNT\System32\RXLNFU~1.DLL < File starts with RXLNFU
6. Reboot into normal mode and post a new Hijackthis log here in a reply.
-
1. Download Adaware from http://www.lavasoft.de/support/download/ Install it and update it. Don't run the scan with it yet, we will do that later on.
2. Ok go into safemode following instructions on http://service1.symantec.com/SUPPORT/tsgen...001052409420406
3. When in safemode, open Adaware which is what you downloaded earlier.
Before scanning with Ad-aware SE Free:
Run a FULL adaware scan using the following configuration below
Click Start
Select Perform Full System Scan and hit Next to let Ad-Aware scan your drives.
It will list malware files and registry keys. Click Next.
Under the Critical Objects tab, rightclick in the list, choose Select All, then Next.
It will ask for verification of checked items. Choose OK.
Close Ad-Aware, Reboot into normal mode.
4. Then post a new Hijackthis log here in a reply.
-
Log is clean
-
Ok log is clean
-
1. Ok do an online virus scan http://housecall.trendmicro.com/ Select the auto clean option.
2. Then reboot and post a new log here in a reply.
-
1. Go into safemode
2. While in safemode. Open Hijackthis and click scan. Then tick and fix the following in hijackthis with all windows closed except Hijackthis.
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
3. Delete the folders.
C:\Program Files\Windows SyncroAd\
4. Reboot into normal mode then post a new log here in a reply.
-
Log is clean
-
Ok tick and fix the following in Hijackthis with all windows closed except Hijackthis.
O4 - HKLM\..\Run: [MV8DMOEW] C:\WINDOWS\SYSTEM\MV8DMOEW.exe
Reboot then find the following files and delete them.
C:\WINDOWS\SYSTEM\MV8DMOEW.exe
Then post a new log here in a reply.
-
Great idea
-
This best version of Kerio 2.1.5 http://download.kerio.com/dwn/kpf/kerio-pf-2.1.5-en-win.exe
-
Congrats on your site b, I'll help out whenever I can
-
Check It Again Please (in Malware Removal)
1. Ok first go to Start, Settings, Control Panel, Add/Remove and uninstall Viewpoint Manager and anything else that starts with Viewpoint.
2. Move Hijackthis into a permanent folder like c:/hjt so backups can be made. Then open Hijackthis from c:/hjt and press scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {398D6858-E713-0AC3-845F-125508877F40} - C:\WINDOWS\System32\pgry.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\eber.exe
O4 - HKCU\..\Run: [Aiuhb] C:\WINDOWS\System32\m?iexec.exe
O4 - HKCU\..\Run: [spyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
You could also fix this if you did not put the restriction on your PC. Restrictions stop you accessing certain options in Control Panel so you can't change your homepage etc.
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
3. Reboot and delete the files.
C:\Documents and Settings\Owner\Application Data\eber.exe
C:\WINDOWS\System32\m?iexec.exe
C:\WINDOWS\System32\pgry.dll
C:\Program Files\SpyKiller
4. Reboot again and post a new Hijackthis log here in a reply.