therock247uk

Members
 View Profile  See their activity

  • Content Count

    960

  • Joined

  • Last visited

 Content Type 

Posts posted by therock247uk

  1. Check It Again Please

    in Malware Removal

    Posted

    1. Ok first go to Start, Settings, Control Panel, Add/Remove and uninstall Viewpoint Manager and anything esle that starts with Viewpoint.

    2. Move Hijackthis into a permanent folder like c:/hjt so backups can be made. Then open Hijackthis from c:/hjt and press scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

    O2 - BHO: (no name) - {398D6858-E713-0AC3-845F-125508877F40} - C:\WINDOWS\System32\pgry.dll

    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\eber.exe

    O4 - HKCU\..\Run: [Aiuhb] C:\WINDOWS\System32\m?iexec.exe

    O4 - HKCU\..\Run: [spyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab

    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab

    O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab

    You could also fix this if you did not put the restriction on your pc. Restrictions stop you accesing certain Options in Control Panel so you cant change you homepage etc.

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    3. Reboot and delete the files.

    C:\Documents and Settings\Owner\Application Data\eber.exe

    C:\WINDOWS\System32\m?iexec.exe

    C:\WINDOWS\System32\pgry.dll

    C:\Program Files\SpyKiller

    4. Reboot again and post a new Hijackthis log here in a reply.

  2. These Are My Logs

    in Malware Removal

    Posted · Edited by therock247uk

    1. Please Move Hijackthis to a permenet folder like c:/hjt so backups can be made. Ok open Hijackthis from c:/hjt and press scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.okretcctutoyskfgmgvdxacg.com/RQ...K_B7tVIw_nm.jsp

    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.bppormeyqbspdsuqo.com/TNA8OBalZldFQy97ySXF5ptsL91FyjrdKQMNn/AUAzk.html"); (C:\Documents and Settings\Ayn-Marie\Application Data\Mozilla\Profiles\default\e8p6egms.slt\prefs.js)

    2. Reboot and post a new Hijackthis log here in a reply.

  3. These Are My Logs

    in Malware Removal

    Posted · Edited by therock247uk

    1. Move Hijackthis to a permanent folder like c:/hjt so backups can be made. Open Hijackthis from c:/hjt press scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ybhnjjvtuxiajsk.info/RQNj/2hUQm..._B7tVIw_nm.html

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.jfnpecvzmihzck.com/RQNj/2hUQmRc...a_B7tVIw_nm.htm

    O2 - BHO: (no name) - {19D93A19-C737-13F3-BD1E-855D7C1967F3} - C:\PROGRA~1\EQFLAG~1\meta test.exe (file missing)

    O2 - BHO: (no name) - {421ACFBF-5AE9-17AB-EB27-9EBBB8CCFF3F} - C:\DOCUME~1\AYN-MA~1\APPLIC~1\EQFLAG~1\meta test.exe

    O4 - HKLM\..\Run: [burn bird barb trans] C:\Documents and Settings\All Users\Application Data\tonsbatburnbird\balmhole.exe

    O4 - HKLM\..\Run: [thunk soap blah multi] C:\Documents and Settings\All Users\Application Data\win about thunk soap\PLAYMULTI.exe

    O4 - HKCU\..\Run: [hidesize] C:\DOCUME~1\AYN-MA~1\APPLIC~1\ADMINS~1\pure peak.exe

    2. Reboot and delete the folders.

    C:\Program Files\EQFLAG~1\ < Folder starts with EQFLAG

    C:\Documents and Settings\AYN-MA~1\Application Data\EQFLAG~1\ < Folder starts with EQFLAG

    C:\Documents and Settings\All Users\Application Data\tonsbatburnbird\

    C:\Documents and Settings\All Users\Application Data\win about thunk soap\

    C:\Documents and Settings\AYN-MA~1\Application Data\ADMINS~1\ < Folder starts with ADMINS

    3. Then post a new Hijackthis log here in a reply.

  7. Efwis Sent Me

    in Malware Removal

    Posted

    1. Move Hijackthis to a perment folder like c:/hjt so backups can be made. Ok open Hijackthis from c:/hjt and press scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - Default URLSearchHook is missing

    O2 - BHO: (no name) - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - (no file)

    O4 - HKLM\..\Run: [enss] C:\WINDOWS\System32\enss.exe

    O4 - HKLM\..\Run: [QBRSR] C:\WINDOWS\QuickBrowser.exe

    O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"

    O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\sysdoor.exe

    O4 - HKCU\..\Run: [\Pribi.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe

    O4 - HKCU\..\Run: [jgsd400] C:\WINDOWS\System32\jgsd400.exe

    O4 - HKCU\..\Run: [ipmontr] C:\WINDOWS\System32\ipmontr.exe

    O4 - HKCU\..\Run: [ipxpromn] C:\WINDOWS\System32\ipxpromn.exe

    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

    O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab

    2. Reboot and delete the following files.

    C:\WINDOWS\System32\enss.exe

    C:\WINDOWS\QuickBrowser.exe

    C:\WINDOWS\System32\sysdoor.exe

    C:\WINDOWS\System32\jgsd400.exe

    C:\WINDOWS\System32\ipmontr.exe

    C:\WINDOWS\System32\ipxpromn.exe

    3. Delete the folders.

    C:\Documents and Setting\AllUsers\Application data\Pribi\

    C:\Program Files\Ebates_MoeMoneyMaker\

    4. Go to Start, Settings, Control Panel, Add/Remove and uninstall Viewpoiont Manager.

    5. Then post a new Hijackthis log here in a reply.

  8. Efwis Sent Me

    in Malware Removal

    Posted

    1. Ok first download Adaware from. http://lavasoft.element5.com/support/download/#free Install it then open it and press check for updates. Dont scan with it yet we will do that later.

    2. Download Cwsshredder from. http://www.spywareinfo.com/~merijn/files/cwshredder.zip Unzip it dont run it yet.

    3. Boot into safemode go here for Intructions on how to. http://service1.symantec.com/SUPPORT/tsgen...001052409420406

    4. While in safemode open Adaware.

    Click Start

    Select Perform Full System Scan and hit Next to let Ad-Aware scan your drives.

    It will list malware files and registry keys. Click Next.

    Under the Critical Objects tab, rightclick in the list, choose Select All, then Next.

    It will ask for verification of checked items. Choose OK.

    Close Ad-Aware

    5. Run Cwsshredder which you downloaded earlyer and press fix.

    6. Reboot back in to Windows and run an online virus scan http://housecall.antivirus.com/ make sure the auto clean option is on.

    7. Then reboot again and post a new Hijackthis log here in a reply.

  12. Hi Jack This Log

    in Malware Removal

    Posted

    1. Ok open Hijackthis click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...5be907d85a1c422

    You can also fix this one as people report it sends Infomation about you computer to them. But it is up to you.

    O4 - Startup: PowerReg Scheduler V3.exe

    2. Download Lspfix from http://www.cexx.org/LSPFix.exe Open it and check mark the i know what im doing button. Then move osmim.dll to the remove panel and click finish.

    3. Then reboot and post a new Hijackthis log here in a reply.

  13. Hi Jack This Log

    in Malware Removal

    Posted

    1. Ok Open Hijackthis and click scan. Then tick and fix the following in hijackthis with all windows closed except Hijackthis.

    O2 - BHO: ngpw34.clsIS - {2D7CB618-CC1C-4126-A7E3-F5B12D3BCF71} - c:\windows\ngpw34.dll

    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

    O2 - BHO: ngsw31.clsIS - {E9147A0A-A866-4214-B47C-DA821891240F} - c:\windows\ngsw31.dll

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)

    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...5be907d85a1c422

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/07209a20e22212...ip/RdxIE601.cab

    2. Download Lspfix from http://www.cexx.org/LSPFix.exe Open it and check mark the i know what im doing button. Then move osmim.dll to the remove panel and click finish.

    3. Reboot and delete the files.

    c:\windows\ngsw31.dll

    4. Then post a new Hijackthis log here in a reply.

  14. Spyware Or Hijack Problem

    in Malware Removal

    Posted · Edited by therock247uk

    Ok because you cannot run both Adaware and housecall we are going to do this.

    1. Make sure you have show hidden files on go here for instructions. http://www.xtra.co.nz/help/0,,4155-1916458,00.html Boot into safemode if you dont know how go here for Instructions. http://service1.symantec.com/SUPPORT/tsgen...001052409420406

    2. While in safemode. Open Hijackthis and click scan. Then tick and fix the following in hijackthis with all windows closed except Hijackthis leaving hijackthis the only program open.

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://super-spider.com/sp.htm?id=80

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=80

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll

    O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINNT\System32\RXLNFU~1.DLL

    O4 - HKLM\..\Run: [gggvrepb] C:\WINNT\System32\swxkqg.exe

    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe

    O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll

    O4 - HKCU\..\RunServices: [image] rundll32 C:\WINNT\d3wz.dll,Install

    O4 - Global Startup: winlogin.exe

    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll

    O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\kxqwxepb.exe

    O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4...006_regular.cab

    O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab

    O20 - AppInit_DLLs: vz29kvl7s1zl0.dll

    3. Go to Start, Control Panel, Add/Remove and uninstall Wintools if it is there.

    4. Delete the folders.

    C:\Program Files\Submit\

    C:\Program Files\Common Files\WinTools\

    C:\Program Files\SideFind\

    5. Delete the files.

    C:\WINNT\System32\swxkqg.exe

    image.dll < Might be in C:\WINNT\ or C:\WINNT\System32

    vz29kvl7s1zl0.dll < Might be in C:\WINNT\ or C:\WINNT\System32

    C:\Program Files\Internet Explorer\kxqwxepb.exe

    C:\WINNT\System32\RXLNFU~1.DLL < File starts with RXLNFU

    6. Reboot into normal mode and post a new Hijackthis log here in a reply.

  15. Spyware Or Hijack Problem

    in Malware Removal

    Posted · Edited by therock247uk

    1. Download adaware from http://www.lavasoft.de/support/download/ install it and update it. Dont run the scan with it yet we will do that later on.

    2. Ok go into safemode following instructions on http://service1.symantec.com/SUPPORT/tsgen...001052409420406

    3. When in safemode. Open Adaware which is what you downloaded earlyer.

    Before scanning with Ad-aware SE Free:

    Run a FULL adaware scan using the following configuration below

    Click Start

    Select Perform Full System Scan and hit Next to let Ad-Aware scan your drives.

    It will list malware files and registry keys. Click Next.

    Under the Critical Objects tab, rightclick in the list, choose Select All, then Next.

    It will ask for verification of checked items. Choose OK.

    Close Ad-Aware, Reboot into normal mode.

    4. Then post a new Hijakckthis log here in a reply.

  19. Review This Please :)

    in Malware Removal

    Posted

    1. Go into safemode

    2. While in safemode. Open Hijackthis and click scan. Then tick and fix the following in hijackthis with all windows closed except Hijackthis.

    O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe

    3. Delete the folders.

    C:\Program Files\Windows SyncroAd\

    4. Reboot into normal mode then post a new log here in a reply.

  21. Log. Winpup

    in Malware Removal

    Posted

    Ok tick and fix the following in Hijackthis with all windows closed except Hijackthis.

    O4 - HKLM\..\Run: [MV8DMOEW] C:\WINDOWS\SYSTEM\MV8DMOEW.exe

    Reboot then find the following files and delete them.

    C:\WINDOWS\SYSTEM\MV8DMOEW.exe

    Then post a new log here in a reply.