Everything posted by therock247uk

  1. Delete the files (if present):
     c:\windows\system32\logs1.ini
     c:\windows\n_boxzgd.dat
     Then post a new Hijackthis log here in a reply.
  2. Open Hijackthis and click scan. Then check mark the following entries:
     O20 - Winlogon Notify: winlkk32 - winlkk32.dll (file missing)
     Now close all open windows except Hijackthis and click fix checked. Then post a new Hijackthis log here in a reply.
  3. Can you post a full Hijackthis log including the header which tells me your Operating system etc...
  4. I see you have Ewido. Open it. Update the definition files.
     - On the main screen select the icon "Update", then select the "Update now" link.
     - Next select the "Start Update" button; the update will start and a progress bar will show the updates being installed.
     - Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
     - Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
     - Under "Reports": select "Automatically generate report after every scan"; un-select "Only if threats were found".
     Close ewido anti-spyware. Do not run a scan just yet, we will shortly.
     Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode, then hit enter.
     IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process.
     - Launch ewido anti-spyware by double-clicking the icon on your desktop.
     - Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
     - ewido will now begin the scanning process; be patient, this may take a little time.
     Once the scan is complete do the following:
     - If you have any infections you will be prompted, then select "Apply all actions".
     - Next select the "Reports" icon at the top.
     - Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
     - Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.
  5. I see you have Ewido. Did you run a full system scan with that?
     Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only.
     - Double-click ATF-Cleaner.exe to run the program.
     - Under Main choose: Select All
     - Click the Empty Selected button.
     If you use Firefox browser:
     - Click Firefox at the top and choose: Select All
     - Click the Empty Selected button.
     NOTE: If you would like to keep your saved passwords, please click No at the prompt.
     If you use Opera browser:
     - Click Opera at the top and choose: Select All
     - Click the Empty Selected button.
     NOTE: If you would like to keep your saved passwords, please click No at the prompt.
     Click Exit on the Main menu to close the program.
     For Technical Support, double-click the e-mail address located at the bottom of each menu.
     Please go HERE to run Panda's ActiveScan.
     - Once you are on the Panda site click the Scan your PC button
     - A new window will open...click the Check Now button
     - Enter your Country
     - Enter your State/Province
     - Enter your e-mail address and click send
     - Select either Home User or Company
     - Click the big Scan Now button
     - If it wants to install an ActiveX component allow it
     - It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
     - When download is complete, click on My Computer to start the scan
     - When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
     Post the contents of the ActiveScan report.
  6. Brandon asked me to take over. Open Hijackthis and click scan. Then check mark the following entries:
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
     O14 - IERESET.INF: SearchAssistant=
     O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02a.cab
     O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
     O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\Jim and Kim\Local Settings\Temporary Internet Files\Content.IE5\AV2F6LE7\SFUninstaller[1].exe" service (file missing)
     Now close all open windows except Hijackthis and click fix checked. Then post a new Hijackthis log here in a reply.
  7. Your log is clean. Here are some tips to reduce the potential for spyware infection in the future. I strongly recommend installing the following applications:
     - Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
     - Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
     - How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
     - How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
     To protect yourself further:
     - IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list, which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.
     - MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
     - Google Toolbar <= Get the free Google toolbar to help stop pop-up windows.
     I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.
  8. 1. Go to Start > Settings > Control Panel > Add/Remove and uninstall the following, as all they are doing is getting in the way; we can reinstall them after.
        SpywareGuard
        Adaware
     2. Open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mxeiw.dll/sp.html#63796
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
     3. Then post a new Hijackthis log here in a reply.
  9. 1. Double-click the red SG in your system tray to open Spywareguard.
        - Click Option on the left
        - Uncheck the following:
          Enable Real-Time Scanning
          Enable Download Protection
          Enable Browser HiJack Protection
        - Click Save Settings
        - We will re-enable it when we're done.
        You also have adwatch; if it asks you to allow changes while fixing items, allow it to.
     2. Open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mxeiw.dll/sp.html#63796
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
        R3 - Default URLSearchHook is missing
     3. Delete the files (if present):
        C:\WINDOWS\system32\mxeiw.dll
     4. Then post a new Hijackthis log here in a reply.
  10. Please download ewido security suite; it is a trial version of the program.
      - Install ewido security suite.
      - When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
      - Launch ewido; there should be an icon on your desktop, double-click it.
      - The program will now go to the main screen.
      You will need to update ewido to the latest definition files.
      - On the left hand side of the main screen click update
      - Then click on Start Update
      - The update will start and a progress bar will show the updates being installed.
      If you are having problems with the updater, you can use this link to manually update ewido: ewido manual updates
      Boot into safemode; to do this keep tapping F8 on your keyboard while your PC is starting up, you will get a menu, select safemode.
      Open Ewido again.
      - Click on scanner
      - Click on Complete System Scan and the scan will begin.
      - While the scan is in progress you will be prompted to clean files, click OK
      - When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK.
      - Once the scan has completed, there will be a button located on the bottom of the screen named Save report
      - Click Save report.
      - Save the report .txt file to your desktop.
      - Now close ewido security suite.
      Reboot and post the report Ewido made and a new Hijackthis log here in a reply.
  11. Can you somehow download the files on another computer then transfer them over?
  12. 1. Make sure your PC is set to show all hidden files and folders go here for instructions on how to do this. http://pchowtos.co.uk/index.php?page=tutor...tion=view&id=34 2. Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode. 3. While in safemode open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis. O2 - BHO: Bho - {B00FC8A3-FC6B-4fe4-9D49-3045822380F9} - C:\WINDOWS\system32\xmojnjel.dll O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - O20 - Winlogon Notify: mlljj - C:\WINDOWS\system32\mlljj.dll (file missing) O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) 4. Delete the files. (if present) C:\WINDOWS\system32\xmojnjel.dll 5. Reboot and post a new Hijackthis log here in a reply.
  13. Download smitRem.exe and save the file to your desktop. Double click on the file to extract it to it's own folder on the desktop. Place a shortcut to Panda ActiveScan on your desktop. Please download the trial version of Ewido Security Suite here: http://www.ewido.net/en/download/ Please read Ewido Setup Instructions Install it, and update the definitions to the newest files. Do NOT run a scan yet. If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates: Ad-Aware SE Setup Don't run it yet! Next, please reboot your computer in SafeMode by doing the following: Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, press F8. Instead of Windows loading as normal, a menu should appear Select the first option, to run Windows in Safe Mode. Now scan with HJT and place a checkmark next to each of the following items and click FIX CHECKED: =================================================== O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe =================================================== Close HiJackThis. Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish. The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply. Open Ad-aware and do a full scan. Remove all it finds. Run Ewido: Click on scannerClick on Complete System Scan and the scan will begin. NOTE: During some scans with ewido it is finding cases of false positives. You will need to step through the process of cleaning files one-by-one. If ewido detects a file you KNOW to be legitimate, select none as the action. 
DO NOT select "Perform action on all infections" If you are unsure of any entry found select none for now. When the scan is finished, click the Save report button at the bottom of the screen. Save the report to your desktop Close Ewido Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present. Reboot back into Windows and click the Panda ActiveScan shortcut. - Once you are on the Panda site click the Scan your PC button - A new window will open...click the Check Now button - Enter your Country - Enter your State/Province - Enter your e-mail address and click send - Select either Home User or Company - Click the big Scan Now button - If it wants to install an ActiveX component allow it - It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) - When download is complete, click on Local Disks to start the scan - When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Add Reply. Let us know if any problems persist.
  14. Your log is clean Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications: Spywareblaster <= SpywareBlaster will prevent spyware from being installed.Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts. How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware. How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware. To protect yourself further: IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer Google Toolbar <= Get the free google toolbar to help stop pop up windows. I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.
  15. 1. Open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis. O4 - HKLM\..\Run: [spyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighter.exe" monitor O4 - HKLM\..\Run: [spyFighterUpdate] "C:\Program Files\SpyFighter\AutoUpdate.exe" silent 2. Then post a new Hijackthis log here in a reply.
  16. 1. Go to Start > Settings > Control Panel > Add/Remove and uninstall the following. SpyFighter as its rouge look here http://www.spywarewarrior.com/rogue_anti-spyware.htm 2. Download http://osc.geekstogo.com/cwsserviceremove.reg run it it will ask to merge into the registery say yes. 3. Download CWShredder here to its own folder. Update CWShredder * Open CWShredder and click I AGREE * Click Check For Update * Close CWShredder Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about. 4. Then post a new Hijackthis log here in a reply.
  17. 1. Make sure your PC is set to show all hidden files and folders. Go here for instructions on how to do this: http://pchowtos.co.uk/index.php?page=tutor...tion=view&id=34
      2. Boot into safemode: to do this, keep tapping F8 on your keyboard while your PC is starting up; you will get a menu, select safemode.
      3. While in safemode open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.
         R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hssbw.dll/sp.html#77035
         R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hssbw.dll/sp.html#77035
         R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
         R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\hssbw.dll/sp.html#77035
         R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hssbw.dll/sp.html#77035
         R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hssbw.dll/sp.html#77035
         R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hssbw.dll/sp.html#77035
         R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hssbw.dll/sp.html#77035
         R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
         R3 - Default URLSearchHook is missing
         O2 - BHO: Class - {ADEAA3B6-9276-09CD-04E3-6EF1F7854839} - C:\WINDOWS\system32\msji32.dll (file missing)
         O2 - BHO: Class - {CAEBD80E-211A-EE88-458E-BFA21C72DCAF} - C:\WINDOWS\system32\sdkba.dll
         O2 - BHO: (no name) - {D7E47E65-05F6-4951-8067-BB881BEB58F9} - C:\WINDOWS\system32\peim.dll (file missing)
         O2 - BHO: Class - {DF668E96-27EB-767C-CDC7-40ADB11675F2} - C:\WINDOWS\system32\iekj.dll (file missing)
         O2 - BHO: Class - {EA94B086-CDBC-1A5F-231F-FB067C388DF8} - C:\WINDOWS\system32\ipdw32.dll (file missing)
         O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
         O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
         O4 - HKLM\..\Run: [alij] C:\WINDOWS\system32\run24.exe dummy
         O4 - HKLM\..\Run: [d3nh.exe] C:\WINDOWS\d3nh.exe
         O4 - HKLM\..\RunOnce: [ntzw32.exe] C:\WINDOWS\system32\ntzw32.exe
         O23 - Service: Workstation NetLogon Service ( 11F
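Added example, not part of the original post: a small Python triage pass over HijackThis entries like the ones listed above, splitting each line into its section code, CLSID and body. The three flagging rules are assumptions made for this illustration (they are not HijackThis's or the poster's own logic), and the `ExampleApp` line is constructed for contrast.

```python
import re

# Constructed sample: six entries copied from the post above plus one
# made-up benign autostart line (ExampleApp) for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hssbw.dll/sp.html#77035
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: Class - {ADEAA3B6-9276-09CD-04E3-6EF1F7854839} - C:\WINDOWS\system32\msji32.dll (file missing)
O2 - BHO: Class - {CAEBD80E-211A-EE88-458E-BFA21C72DCAF} - C:\WINDOWS\system32\sdkba.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [d3nh.exe] C:\WINDOWS\d3nh.exe
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\ExampleApp\app.exe"
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")  # section code, then the body
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
WIN_EXE = re.compile(r"C:\\WINDOWS\\(?:system32\\)?[^\\]+\.exe", re.I)

def triage(line):
    """Return (section, clsid_or_None, reasons) or None for non-entry lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header, process list, blank line, ...
    section, body = m.groups()
    reasons = []
    # Heuristic 1 (assumption): the registry entry outlived its file.
    if "(file missing)" in body or "(no file)" in body:
        reasons.append("orphaned: entry points at a file that is gone")
    # Heuristic 2 (assumption): IE page setting loaded from inside a local DLL.
    if section in ("R0", "R1") and "= res://" in body and ".dll/" in body.lower():
        reasons.append("IE page setting served from a res:// DLL resource")
    # Heuristic 3 (assumption): autostart binary directly under the Windows dir.
    if section == "O4" and WIN_EXE.search(body):
        reasons.append("autostart executable sits in the Windows directory")
    g = GUID.search(body)
    return section, (g.group(0) if g else None), reasons

def triage_log(text):
    """Triage every recognisable entry in a pasted log, preserving order."""
    return [t for t in map(triage, text.splitlines()) if t]

if __name__ == "__main__":
    for section, clsid, reasons in triage_log(SAMPLE_LOG):
        print(section, clsid or "-", "; ".join(reasons) or "no heuristic hit")
```

A hit from these rules is a prompt to look closer, not a verdict: legitimate software also starts from `system32`, and an orphaned entry is harmless clutter as often as it is a leftover from an infection.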
  18. Please download ewido security suite; it is a trial version of the program.
      Install ewido security suite.
      When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
      Launch ewido; there should be an icon on your desktop, double-click it.
      The program will now go to the main screen.
      You will need to update ewido to the latest definition files.
      On the left hand side of the main screen click update.
      Then click on Start Update.
      The update will start and a progress bar will show the updates being installed.
      If you are having problems with the updater, you can use this link to manually update ewido: ewido manual updates
      Boot into safemode: to do this, keep tapping F8 on your keyboard while your PC is starting up; you will get a menu, select safemode.
      Open Ewido again.
      Click on scanner.
      Click on Complete System Scan and the scan will begin.
      While the scan is in progress you will be prompted to clean files, click OK.
      When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
      Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
      Click Save report.
      Save the report .txt file to your desktop.
      Now close ewido security suite.
      Reboot and post the report Ewido made and a new Hijackthis log here in a reply.
  19. Download about:buster by RubbeRDuckY Here.
      Update About:Buster
      Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
      Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
      Click "OK" at the prompt with instructions.
      Click "Update" and then "Check For Update" to begin the update process.
      If any updates exist please download them by clicking "Download Update" then click the X to close that window.
      Now close About:Buster.
      Boot into safemode: to do this, keep tapping F8 on your keyboard while your PC is starting up; you will get a menu, select safemode.
      Please run about:buster by RubbeRDuckY:
      Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
      Click Yes to allow it to shutdown explorer.exe.
      It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
      When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
      Reboot your computer into safe mode again.
      Run about:buster again following the same instructions as above, this time without the restart at the end.
      Post the about:buster log and a new Hijackthis log here in a reply.
  20. Please read this post completely; it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.
      This will likely be a few step process in removing the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.
      You have a nasty CoolWebSearch infection.
      First we will need to download a few tools that will help us in the removal of your problem.
      Download about:buster by RubbeRDuckY Here.
      Download CWShredder Here.
      Download SpSeHjfix Here.
      Download and install CleanUp! Here.
      Save all of these files somewhere you will remember, like to the Desktop.
      Unzip SpSeHjfix to its own folder (ie c:\SpSeHjfix).
      Run the CleanUp! installer. You don't need to do anything with it right now.
      Update About:Buster
      Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
      Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
      Click "OK" at the prompt with instructions.
      Click "Update" and then "Check For Update" to begin the update process.
      If any updates exist please download them by clicking "Download Update" then click the X to close that window.
      Now close About:Buster.
      Update CWShredder
      Open CWShredder and click I AGREE.
      Click Check For Update.
      Close CWShredder.
      Boot into Safe Mode: Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.
      Please run about:buster by RubbeRDuckY:
      Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
      Click Yes to allow it to shutdown explorer.exe.
      It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
      When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
      Reboot your computer into safe mode again.
      Run about:buster again following the same instructions as above, this time without the restart at the end.
      Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.
      Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.
      Now run CleanUp!. Click CleanUp and allow it to delete all the temporary files.
      Reboot your computer into normal windows.
      Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesn't work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)
      After all that, please post back with how things went as well as the logs requested and a new HiJackThis log.
      Good Luck
  21. Great to see the site/forum back online.