JeanInMontana

Honorary Members
  • Posts

    3,859
Posts posted by JeanInMontana

  1. How do you redownload if you can't get online? Why can't you get online?

    Run HJT in scan only and put a check next to the following and then click fix.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    O2 - BHO: VirusTriggerBinWarningBHO Class - {096CBA44-4A4C-49f7-8903-1E75550ABCB7} - (no file)

  2. 1. Do not PM me to get to your log. I have lots of people that deserve the same help you're getting and it's done on a first come first serve basis. I rotate back around as soon as I can. PMs just make me have to stop and see what it is.

    2. Do not run scans, install programs or use special tools without being instructed.

    3. Delete the special tools showing in your Panda scan.

    4. How is the machine running?

    Run HJT again in scan only mode put a check next to the following items and click fix.

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    Reboot to normal mode. Update MBAM, you didn't do this before. Run a quick scan, post that log and a new HJT log. Be patient, I will reply as time allows.

  3. They are not bits of AVG and you need to fix it. I can see them in your log, so obviously they are not gone.

    C:\Program Files\AVG\AVG8\avgtray.exe

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

    O18 - Protocol: linkscanner - (no CLSID) - (no file)

    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    Those are all AVG. You might need to use the tool here http://www.malwarebytes.org/forums/index.php?showtopic=7368

    Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK.

    Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options. Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.

    Many infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program; Asquared or SuperAntiSpyware are good, and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them.

    A firewall and antivirus are also essential. The Windows firewall in XP and Vista is not sufficient.

    Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.

    Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.

    SpywareBlaster from Javacool Software

    WinPatrol by BillPStudios

    SiteHound by FireTrust

    RogueRemover

    hpHosts

    The Windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free.

    Also the full protection of MBAM is offered at a very low price, from the link in my signature.

  4. OK I would like you to get this O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/Downloads/AXELPlayerAX_Win32.cab

    You should find it in C:\Windows\Downloaded Program Files\http://www.mindavenue.com/Downloads/AXELPlayerAX_Win32.cab and attach it in a zipped folder here in a new topic you start, link back to your thread here in the HJT forum please.

    Delete all the following using HJT.

    O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/Downloads/AXELPlayerAX_Win32.cab

    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...764/mcfscan.cab

    16 - DPF: ppctlcab - http://69.44.122.156/scanner/ppctlcab.cab

    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab

    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab

    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab

    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab

    I would remove C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe from Add/Remove Programs in the Control Panel too.

    You have a service running for McAfee and you don't have it installed. Go into Computer Management .... Start>My Computer>Right click and choose manage>Services and Applications> find McAfee and disable it.

    Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK.

    Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options. Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.

    Many infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program; Asquared or SuperAntiSpyware are good, and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them.

    A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient.

    Perform Windows Updates monthly on the second Tuesday or use automatic updates, you need to install SP3, and use your scanners weekly at the least. Always update before you scan.

    Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.

    SpywareBlaster from Javacool Software

    WinPatrol by BillPStudios

    SiteHound by FireTrust

    RogueRemover

    hpHosts

    The Windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free.

    Also the full protection of MBAM is offered at a very low price, from the link in my signature.

  5. OK looking good. How are you running?

    I would remove this O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE for the reasons stated here http://www.systemlookup.com/Startup/596.html It won't affect your Realtek products and probably save you some spam.

    C:\DOCUME~1\PEREGR~1\LOCALS~1\Temp\RtkBtMnt.exe Move that to C:\Program files; you will lose it with a cleaning of temp files.

    You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here Java Update and install the correct version for your system. Choose the offline installation.

    You're also running an outdated and unsafe version of Adobe Acrobat Reader latest version. Or get the alternative faster lighter on resources Foxit PDF Reader and Editor Look at the Downloads tab here or Downloads if you don't want to see the features etc.

    You must fix both of these to avoid system exploit.

    Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK.

    Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options. Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.

    Many infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program; Asquared or SuperAntiSpyware are good, and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them.

    A firewall and antivirus are also essential. The Windows firewall in XP and Vista is not sufficient.

    Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.

    Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.

    SpywareBlaster from Javacool Software

    WinPatrol by BillPStudios

    SiteHound by FireTrust

    RogueRemover

    hpHosts

    The Windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free.

    Also the full protection of MBAM is offered at a very low price, from the link in my signature.

  6. How are you running now? Please run HJT in scan only mode and put a check next to the following and then click fix.

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    Reboot to normal mode.

    You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here Java Update and install the correct version for your system. Choose the offline installation.

    You're running an outdated and unsafe version of Adobe Acrobat Reader latest version. Or get the alternative faster lighter on resources Foxit PDF Reader and Editor Look at the Downloads tab here or Downloads if you don't want to see the features etc.

  7. Hi johnnyo1968 and welcome to Malwarebytes. I am not sure what you want to know, I can't tell much from just the MBAM log, I need the HJT log also.

    Please update MBAM, run a quick scan, and post that log. Please get HiJack This! and install it to C:\Program Files.

    Close all programs leaving only HijackThis running, and click on scan and save a log. Post that log as a reply here in the body of the post, not as an attachment. Open Notepad, under the format tab, please make sure that word wrap is not checked for these procedures.

  8. Your MBAM log is not complete. Be sure you include all of the log. Please open Notepad and go to format, uncheck wrap text. You can recheck it later if you want, but for now I need to see the HJT lines as the program is seeing them.

    Please set your system to show all files:

    Click Start.

    Open My Computer.

    Select the Tools menu and click Folder Options.

    Select the View Tab.

    Under the Hidden files and folders heading select Show hidden files and folders.

    Uncheck the Hide protected operating system files (recommended) option.

    Click Yes to confirm.

    Click OK.

    Please find these files C:\WINDOWS\system32\fehudefu.dll c:\windows\system32\kegihane.dll c:\windows\system32\mahinomo.dll and attach them in a zipped folder here in a new topic you start, link back to your thread here in the HJT forum please.

    Update MBAM, run a quick scan, post that log and a new HJT log please.

  9. Yes that is it. You're running two antivirus at once. You should not do this, they can end up canceling each other out and causing other problems. AVG appears to be damaged O18 - Protocol: linkscanner - (no CLSID) - (no file) with that file missing. You can probably repair it with a reinstall of the program. You need to choose one or the other McAfee or AVG and either not run the other active or uninstall it. It's ok to keep one as a backup scanner, but you can't run them both as active protection.

    I need you to please update MBAM, run a quick scan, post that log and a new HJT log together, run back to back. MBAM then HJT.

  10. Without C:\WINDOWS\system32\userinit.exe,iyywfnl.exe the file was of course clean as it is a valid system file. You have your system set to show all files and folders?

    Please set your system to show all files:

    Click Start.

    Open My Computer.

    Select the Tools menu and click Folder Options.

    Select the View Tab.

    Under the Hidden files and folders heading select Show hidden files and folders.

    Uncheck the Hide protected operating system files (recommended) option.

    Click Yes to confirm.

    Click OK.

    Please update MBAM and run a quick scan, post that log and a new HJT.

  11. Before you install anything make a System Restore point, this can save you for many reasons. Learn what is running in your task manager also (right click on task bar, choose task manager). It will show more than HJT, use WinPatrol. This is another program that is really worth paying for, it's a lifetime license and the Plus features allow you to look up just what is running with a lot of knowledge from a really cool guy. Scotty the watchdog is a must for all systems IMO. Yes, you're right, thinking about what it's saying to you, read what is asking to do what. Blind clicking gets people in trouble. I think we can close this too.

    Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

    The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.

  12. Hey it's starting to look better. How are you running?

    Please run HJT in scan only mode and put a check next to the following and then click fix.

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com

    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)

    Reboot to normal mode. Update MBAM, quick scan, post that log and a new HJT log please.
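
Added example, not part of the posts above and not HijackThis's own code: several of the posts pick out log entries ending in `(no file)` or `(file missing)` for fixing, and the Python sketch below triages a log for such orphaned entries. The section labels, function names and the `SAMPLE` text (lines copied from the posts) are assumptions made for illustration.

```python
import re

# HijackThis section codes that appear in the posts above (labels are ours).
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart entry", "O16": "downloaded ActiveX (DPF)",
    "O18": "protocol handler", "O23": "service",
}
LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")

def parse_line(line):
    """Return a dict for one HJT log line, or None if it is not an entry."""
    m = LINE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    clsid = CLSID.search(body)
    return {
        "code": m.group("code"),
        "section": SECTIONS.get(m.group("code"), "other"),
        "clsid": clsid.group(0).upper() if clsid else None,
        "orphaned": bool(ORPHAN.search(body)),
        "raw": line.strip(),
    }

def orphaned_entries(log_text):
    """Entries that HJT reports as pointing at a file that is not there."""
    parsed = (parse_line(l) for l in log_text.splitlines())
    return [e for e in parsed if e and e["orphaned"]]

# Sample lines copied from the posts above. One entry per line is assumed:
# an entry broken across two lines is not recognised as orphaned.
SAMPLE = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O18 - Protocol: linkscanner - (no CLSID) - (no file)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE):
        print(f'{e["code"]:>3}  {e["section"]:<22}  {e["raw"]}')
```

An orphaned entry is only a candidate for review; whether it is a leftover of an uninstalled product or of removed malware still has to be judged from the rest of the log.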
