Excal

Posts posted by Excal

  1. I have not rented a movie in years, Netflix is the only way to go.

    Blockbuster Online is better than Netflix :)

    One of the funniest parts of the movie is in the deleted scenes....OMFG, the part when he was eating the burritos and farted "I love you"!! I can't believe that didn't make the final cut!

    :thumbsup:

    Excal

  2. Hi bones74 and welcome to BestTechie! My name is Excal and I will be helping you.

    I can see that you have some malware issues. This may be a few-step process in removing it. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

    Download Findit Here and unzip the contents to a folder. When it has unzipped, open that folder and double click on Find.bat. It will run for a while, so be patient, and then produce a log (ignore any File not found messages on the screen, it should continue anyway).

    Please copy and paste that log here.

    From the moment you post your list, until you see a detailed fix written up, DO NOT reboot your system or log off. If you do, the files will have changed and the fix provided will not work.

  3. Hi IdahoCarol and welcome to BestTechie! My name is Excal and I will be helping you.

    I don't see much of anything on your log. What type of problems are you having?

    Open HiJackthis and do a scan. Please check off the following entries:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about blank

    Click FIX CHECKED then reboot and post a fresh HiJackThis log.

    Thanks,

    :thumbsup:

    Excal

  4. Hi cromwell_4 and welcome to Best Techie!

    Have you altered your Host file at all? It has a lot of interesting entries.

    I need to see a copy of your Hosts file and a HijackThis log from Normal Mode please!

    Open HijackThis-> Click Config-> Click Misc Tools-> Click Open Hosts File Manager-> Click Open in Notepad->

    Copy&Paste the entire Contents of that Notepad Page to your Next Post!

    Thanks,

    :thumbsup:

    Excal

  5. Hi bearskin and welcome to BestTechie!

    If you are talking about logs for people in training, they are actual logs that other people have already tackled. Hope that answers your question.

    :thumbsup:

    Excal

  6. Hi raju420 and welcome to Best Techie! My name is Excal and I will be helping you.

    If you still need help, please post a fresh Hijack log, in this thread, so I can help you with your Malware Problems.

    If you have resolved this issue please let us know.

    :thumbsup:

    Excal

  7. Hi and welcome to Best Techie! My name is Excal and I will be helping you.

    I can see that you have some malware issues. This may be a few-step process in removing it. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

    Before you do anything else, please create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Temp folder. This is required because HijackThis will create backups and we don't want them to be deleted.

    DOWNLOAD PROGRAMS

    Download and install CleanUp! Here.

    *NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

    We will use this program later.

    THE FIX

    Please read this post completely; it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

    1. Click this link to be sure you can view hidden files.

    2. Ensure you are NOT connected to the internet.

    3. Reboot into safe mode.

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    4. Close all browsers, windows and unneeded programs.

    5. Open HiJack and do a scan.

    6. Put a Check next to the following items:

    O2 - BHO: WinStat - {EE02B99B-1D55-48bc-B8DB-649A42CE45F6} - C:\WINDOWS\System32\WinStat12.dll

    O4 - HKLM\..\Run: [yglof] C:\WINDOWS\System32\yglof.exe

    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

    O15 - Trusted Zone: http://www.neededware.com

    7. Click the Fix Checked box.

    8. Please remove just the files from the following paths using Windows Explorer (if present):

    C:\WINDOWS\System32\yglof.exe

    C:\WINDOWS\System32\WinStat12.dll

    9. Run the program CleanUp!

    10. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

    11. Please post the Active scan log and a fresh HiJackThis log. Let me know how your computer is running.

  8. Hi Pumpkinjack,

    1) Please download the Killbox.

    Unzip it to the desktop but do NOT run it yet.

    2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

    3) Please remove the following folders using Windows Explorer (if present):

    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4R61QTW1

    C:\Documents and Settings\Owner\Favorites\Search the Web for Everything in One Click!.url

    C:\WINDOWS\Bundles

    C:\Documents and Settings\Owner\Application Data\Lycos

    C:\WINDOWS\system32\FLEOK

    C:\Program Files\System Soap Pro

    4) Once in Safe Mode, please run Killbox.

    • Select "Delete on Reboot".
    • Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:
    • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
    • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
      If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.
    • Let the system reboot.

    5) Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

    6) Please post the Active scan log and a fresh HiJackThis log. Let me know how your computer is running.

  9. Right click on the Microsoft/Giant AntiSpyware icon (looks like a target) and click on Security Agents Status (Enabled) and click on Disable Real-time Protection. To re-enable it, you follow the same steps but click on Enable Real-time Protection.

    Download about:buster by RubbeRDuckY Here.

    Download CWShredder here to its own folder.

    Update CWShredder

    • Open CWShredder and click I AGREE
    • Click Check For Update
    • Close CWShredder

    We will be using this program later.

    Update About:Buster

    • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
    • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
    • Click "Update" and then "Check For Update" to begin the update process.
    • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
    • Now close About:Buster

    Right-Click HERE and Save As to download DelDomains.inf to your desktop.

    To use: RIGHT-CLICK DelDomains.inf on your desktop and select: Install (no need to restart)

    Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

    Reboot into safe mode.

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Please run about:buster by RubbeRDuckY:

    • Click Begin Removal.
    • It will begin to check your computer for malicious files.
    • AboutBuster will finish and open a new page. Follow the instructions for protection on that page.
    • Shut down AboutBuster. A log should have been created. Please save this log and copy it in your next post.

    Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

    Reboot into normal mode.

    Run these 2 free trojan scans:

    Trojan Scan

    Trojan Scan2

    After the scans are done, please do another active scan and post the results along with the about:buster log and a fresh HijackThis log.

    Thanks

    :thumbsup:

    Excal

  10. Hi and welcome to Best Techie! My name is Excal and I will be helping you.

    I can see that you have some malware issues. This may be a few-step process in removing it. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

    Download and install CleanUp! Here.

    *NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

    We will use this program later.

    Please read this post completely; it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

    1. Click this link to be sure you can view hidden files.

    2. Ensure you are NOT connected to the internet.

    3. Reboot into safe mode.

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    4. Close all browsers, windows and unneeded programs.

    5. Open HiJack and do a scan.

    6. Put a Check next to the following items:

    7. Click the Fix Checked box.

    8. Please remove just the files from the following paths using Windows Explorer (if present):

    9. Run the program CleanUp!

    10. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

    11. Please post the Active scan log and a fresh HiJackThis log. Let me know how your computer is running.
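
Added example, not part of Excal's posts: the fix posts above first check O2 (BHO) and O4 (Run key) entries in HijackThis and then delete the files those entries point to. The Python below derives that file list from the entries; the names `parse_entry` and `removal_candidates` and the last sample line are constructed for illustration, while the first four sample lines are the entries quoted in post 7.

```python
import re

# "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<detail>.+)$")
# Absolute path to an executable module. Stops at the first listed extension that
# is followed by whitespace, a quote or end of line, so arguments are dropped.
EXE_PATH = re.compile(r'[A-Za-z]:\\.*?\.(?:exe|dll|com|scr|bat)(?=\s|"|$)', re.I)

# First four lines: entries quoted in post 7 above.
# Last line: constructed sample (path with a space, double extension, arguments).
SAMPLE_LOG = r"""
O2 - BHO: WinStat - {EE02B99B-1D55-48bc-B8DB-649A42CE45F6} - C:\WINDOWS\System32\WinStat12.dll
O4 - HKLM\..\Run: [yglof] C:\WINDOWS\System32\yglof.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O15 - Trusted Zone: http://www.neededware.com
O4 - HKLM\..\Run: [example] C:\Example Dir\sample.tmp.exe 1 2
"""

def parse_entry(line):
    """Return a dict for one HijackThis entry, or None for non-entry lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    entry = {"code": m["code"], "detail": m["detail"], "path": None, "note": ""}
    if entry["code"] in ("O2", "O4"):   # BHO DLLs and Run-key autostarts name files
        hit = EXE_PATH.search(entry["detail"])
        if hit:
            entry["path"] = hit.group(0)
        else:
            # Bare file name: Windows resolves it via the search path, so the
            # on-disk location is unknown from the log alone.
            entry["note"] = "no absolute path; locate the file before removing it"
    else:
        entry["note"] = "registry or zone setting only; fixing the entry is enough"
    return entry

def removal_candidates(log_text):
    """Files referenced by O2/O4 entries, de-duplicated case-insensitively."""
    seen, out = set(), []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e and e["path"] and e["path"].lower() not in seen:
            seen.add(e["path"].lower())
            out.append(e["path"])
    return out

if __name__ == "__main__":
    for path in removal_candidates(SAMPLE_LOG):
        print(path)
```

For the post 7 entries this yields the same two files the post lists for manual removal; the `ALCXMNTR.EXE` entry produces no path because the log gives only a bare file name.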