Posts posted by Excal
-
Hi bones74 and welcome to BestTechie! My name is Excal and I will be helping you.
I can see that you have some malware issues. This may be a few-step process in removing it. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.
Download Findit Here and unzip the contents to a folder. When it has unzipped, open that folder and double click on Find.bat. It will run for a while, so be patient, and then produce a log (ignore any File not found messages on the screen, it should continue anyway).
Please copy and paste that log here.
From the moment you post your list, until you see a detailed fix written up, DO NOT reboot your system or log off. If you do, the files will have changed and the fix provided will not work.
-
Hi IdahoCarol and welcome to BestTechie! My name is Excal and I will be helping you.
I don't see much of anything on your log. What type of problems are you having?
Open HiJackthis and do a scan. Please check off the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about blank
Click FIX CHECKED then reboot and post a fresh HiJackThis log.
Thanks,
Excal
-
Hi cromwell_4 and welcome to Best Techie!
Have you altered your Host file at all? It has a lot of interesting entries.
I need to see a copy of your Hosts file and a HijackThis log from Normal Mode please!
Open HijackThis-> Click Config-> Click Misc Tools-> Click Open Hosts File Manager-> Click Open in Notepad->
Copy&Paste the entire Contents of that Notepad Page to your Next Post!
Thanks,
Excal
-
Hi Shinjin and welcome to Best Techie!
We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time. Click here: http://www.microsoft.com/windowsxp/downloa...p1/default.mspx Apply the update, reboot, and post a fresh Hijack This log.
(DO NOT INSTALL SP2)
Thanks,
Excal
-
My pleasure
Excal
-
Hi bearskin and welcome to BestTechie!
If you are talking about logs for people in training, they are actual logs that other people have already tackled. Hope that answers your question.
Excal
-
Happy BDay Jeffy!!
Tom
-
Hi raju420 and welcome to Best Techie! My name is Excal and I will be helping you.
If you still need help, please post a fresh Hijack log, in this thread, so I can help you with your Malware Problems.
If you have resolved this issue please let us know.
Excal
-
Hi and welcome to Best Techie! My name is Excal and I will be helping you.
I can see that you have some malware issues. This may be a few-step process in removing it. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.
Before you do anything else, please create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Temp folder. This is required because HijackThis will create backups and we don't want them to be deleted.
DOWNLOAD PROGRAMS
Download and install CleanUp! Here
*NOTE* CleanUp! deletes EVERYTHING out of temp/temporary folders and does not make backups.
We will use this program later.
THE FIX
Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.
1. Click this link to be sure you can view hidden files.
2. Ensure you are NOT connected to the internet.
3. Reboot into safe mode.
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.
4. Close all browsers, windows and unneeded programs.
5. Open HiJack and do a scan.
6. Put a Check next to the following items:
O2 - BHO: WinStat - {EE02B99B-1D55-48bc-B8DB-649A42CE45F6} - C:\WINDOWS\System32\WinStat12.dll
O4 - HKLM\..\Run: [yglof] C:\WINDOWS\System32\yglof.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O15 - Trusted Zone: http://www.neededware.com
7. Click the Fix Checked box.
8. Please remove just the files from the following paths using Windows Explorer (if present):
C:\WINDOWS\System32\yglof.exe
C:\WINDOWS\System32\WinStat12.dll
9. Run the program CleanUp!
10. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!
11. Please post the Active scan log and a fresh HiJackThis log. Let me know how your computer is running.
-
Hi Pumpkinjack,
1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.
2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.
3) Please remove the following folders using Windows Explorer (if present):
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4R61QTW1
C:\Documents and Settings\Owner\Favorites\Search the Web for Everything in One Click!.url
C:\WINDOWS\Bundles
C:\Documents and Settings\Owner\Application Data\Lycos
C:\WINDOWS\system32\FLEOK
C:\Program Files\System Soap Pro
4) Once in Safe Mode, please run Killbox.
- Select "Delete on Reboot".
- Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:
- Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
- Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.
- Let the system reboot.
5) Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!
6) Please post the Active scan log and a fresh HiJackThis log. Let me know how your computer is running.
-
Right-click on the Microsoft/Giant AntiSpyware icon (looks like a target) and click on Security Agents Status (Enabled) and click on Disable Real-time Protection. To re-enable it, you follow the same steps but click on Enable Real-time Protection.
Download about:buster by RubbeRDuckY Here.
Download CWShredder here to its own folder.
Update CWShredder
- Open CWShredder and click I AGREE
- Click Check For Update
- Close CWShredder
We will be using this program later.
Update About:Buster
- Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
- Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
- Click "Update" and then "Check For Update" to begin the update process.
- If any updates exist please download them by clicking "Download Update" then click the X to close that window.
- Now close About:Buster
Right-Click HERE and Save As to download DelDomains.inf to your desktop.
To use: RIGHT-CLICK DelDomains.inf on your desktop and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.
Reboot into safe mode.
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.
Please run about:buster by RubbeRDuckY:
- Click Begin Removal.
- It will begin to check your computer for malicious files.
- AboutBuster will finish and open a new page. Follow the instructions for protection on that page.
- Shut down AboutBuster. A log should have been created. Please save this log and copy it in your next post.
Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.
Reboot into normal mode.
Run these 2 free trojan scans:
After the scans are done, please do another active scan and post the results along with the about:buster log and a fresh HijackThis log.
Thanks
Excal
-
Hi and welcome to Best Techie! My name is Excal and I will be helping you.
I can see that you have some malware issues. This may be a few-step process in removing it. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.
Download and install CleanUp! Here
*NOTE* CleanUp! deletes EVERYTHING out of temp/temporary folders and does not make backups.
We will use this program later.
Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.
1. Click this link to be sure you can view hidden files.
2. Ensure you are NOT connected to the internet.
3. Reboot into safe mode.
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.
4. Close all browsers, windows and unneeded programs.
5. Open HiJack and do a scan.
6. Put a Check next to the following items:
7. Click the Fix Checked box.
8. Please remove just the files from the following paths using Windows Explorer (if present):
9. Run the program CleanUp!
10. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!
11. Please post the Active scan log and a fresh HiJackThis log. Let me know how your computer is running.
Talladega Nights
in Open Chat
Posted
Blockbuster Online is better than Netflix
One of the funniest parts of the movie is in the deleted scenes....OMFG, the part when he was eating the burritos and farted "I love you"!! I can't believe that didn't make the final cut!
Excal