Jump to content

ourwilly

Members
  • Content Count

    194
  • Joined

  • Last visited

About ourwilly

  • Rank
    Member

Profile Information

  • Gender
    Male

Previous Fields

  • Teams:
    Nothing Selected
  1. As it's been quite a while, I would now like to help someone else with their HijackThis log. I do hope you understand and that you have sorted out your issues..
  2. Hello missniffy... It appears from your log that AVG may have been uninstalled from your system.. 1/ Please keep Tea-Timer disabled...Open Spybot Search & Destroy. In the Mode menu click "Advanced mode" if not already selected. Choose Yes at the Warning prompt. Expand the Tools menu. Click Resident. Uncheck the Resident "TeaTimer" (Protection of overall system settings) active. box. In the File menu click Exit to exit Spybot Search & Destroy. 2/ Open HijackThis again, select "Do a System Scan only" and place a checkmark in the boxes before the following entries: O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/P...000045.00000119 O21 - SSODL: webdsc - {129D7B18-081A-6CB3-FAF4-048377F40766} - C:\Program Files\qqvjxbb\webdsc.dll If AVG has been uninstalled, then include these to be fixed: O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing) O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing) O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing) Close all other open windows and click on Fix checked, then exit HijackThis. 3/ Please right-click and Delete on this bold folder. C:\Program Files\qqvjxbb Please now reboot your system., then rescan with HijackThis and post the new log.
  3. Hello TodoNuno 1. Re-open HijackThis and select "Do a System Scan only" and place a checkmark in the boxes before the following entries: R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) Close any Explorer windows which may be open and click the "Fix Checked" button. 2. Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu. Can you please let me know how your system is running after you've done this Thank you.
  4. Hello TodoNuno Go to Start | Control Panel | Add/Remove Programs and Uninstall MyWaySA Double-click on My Computer, Double-click on Local Disk and navigate to then Right Click on and Delete the following Bold entries if present: C:\Program Files\MyWaySA Please now Re-scan with HijackThis and post the new log in your next reply Thank you.
  5. Hello TodoNuno That was quick Copy and Paste this post into a new text document or print it for reference 1. Please let's use this latest version of VundoFix V6.5.8 and save to your desktop. Double-click VundoFix.exe to run it. Click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files,click YES Once you click yes, your desktop will go blank as it starts removingVundo. When completed, it will prompt that it will reboot your computer,click OK. Please post the contents of C:\vundofix.txt in your next reply Note: It is possible that VundoFix encountered a file it could not remove.In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot. 2. Now Download ComboFix.exe to your desktop. http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe Doubleclick combofix.exe to launch the application. Follow the prompts that will be displayed on the screen. Don't click on the window while the fix is running, because that will cause your system to hang. When finished, it should produce a log, combofix.txt. 3. Post this Combofix log in your next reply along with the new vundofix.txt Thank you.
  6. Hello TodoNuno I would like you to download HijackThis from this link http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe Save it onto your system then close down your Web browser before installing Once installed open HijackThis and Select "Do a system scan and save a logfile" Copy & Paste this logfile back to me
  7. Hello madbuzzard Your HJT log is looking better now.. If everything is running fine then please "Disable" and then "Re-Enable" your System Restore. To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account. (Windows XP) 1. Turn off System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply, and then click OK. 2. Reboot. 3. Turn ON System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. UN-Check *Turn off System Restore*. Click Apply, and then click OK. Bookmark these Tutorials for future reference: So how did I get infected in the first place? Simple and easy ways to keep your computer safe and secure on the Internet Thank you.
  8. Hello madbuzzard Sorry to keep you waiting I've been very busy over this weekend I'm afraid, Please Copy and Paste this 'Fix' into either Notepad or Wordpad for future reference as you will be required to closed down you browser when following these steps. Step 1 If not already download and Install CCleaner Now Open CCleaner and select: Cleaner | Analyze | Run Cleaner Then close Step 2 Then please Download Dr.Web CureIt & save it to your desktop. DO NOT perform a scan yet Please Reboot your System into Safe Mode Shut down your system, then Restart your computer as soon as it starts booting up again continuously tap F8. from the menu select the option to enter Safe Mode Doubleclick the drweb-cureit.exe file and Allow to run the express scan This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan. Once the short scan has finished, Click Options > Change settings Choose the "Scan"-tab, remove the mark at "Heuristic analysis". Back at the main window, mark the drives that you want to scan. Select all drives. A red dot shows which drives have been chosen. Click the green arrow at the right, and the scan will start. Click 'Yes to all' if it asks if you want to cure/move the file. When the scan has finished, look if you can click next icon next to the files found: If so, click it and then click the next icon right below and select Move incurable as you'll see in next image: This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples) After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list Save the report to your desktop. The report will be called DrWeb.csv Close Dr.Web Cureit. Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot. After reboot, post the contents of the log from Dr.Web you saved previously in your next reply with a new hijackthis log and please let me know how your system is running Thank you.
  9. Hello madbuzzard Copy and Paste this 'Fix' into either Notepad or Wordpad for future reference as you will be required to closed down you browser when following these steps. Can you please purge all Deleted items in your Outlook Express Please download and install SUPERAntiSpyware Home Edition (free) Once installed, update the program definitions when prompted. Click the "Preferences" button and then the "Scanning Control" tab. Under "Scanner Options" make sure the following are checked/selected: 1>> Close browsers before scanning. 2>> Scan for tracking cookies. 3>> Terminate memory threats before quarantining. 4>> Ignore System Restore/Volume Information on ME and XP. Deselect all other scanning options. Close SUPERAntiSpyware for use later. Please Reboot your System into Safe ModeShut down your system, then Restart your computer as soon as it starts booting up again continuously tap F8. from the menu select the option to enter Safe Mode Double-click on My Computer, Double-click on Local Disk and navigate to then Right Click on and Delete the following Bold entries (if present): C:\Documents and Settings\Owner\Desktop\System\system cleaners\OiUninstaller.exe C:\WINDOWS\system32\dqipkcgo.exe C:\WINDOWS\system32\mi1.exe C:\WINDOWS\system32\mi2.exe C:\WINDOWS\system32\snpcuwhq.dll Open SUPERAntiSpyware and click the "Scan your computer" button. On the left, select "C:\Fixed Drive". On the right, under "Complete Scan", choose "Perform Complete Scan". Click "Next" to start the scan. Please be patient while it scans your computer. After the scan is complete a summary box will appear. Click "OK". Make sure everything in the white box has a check next to it, then click "Next". After quarantining anything found, you may be prompted to reboot, click "Yes". Paste the scan log in your next reply (Preferences > Statistics/Logs tab > double-click SUPERAntiSpyware Scan Log) Please post a new "HijackThis" log and the "SUPERAntiSpyware" Scan Log in your next reply Thank you.
  10. Hello madbuzzard Copy and Paste this 'Fix' into either Notepad or Wordpad for future reference as you will be required to closed down you browser when following these steps. Step 1 Please go to: http://virusscan.jotti.org/ At the top select the Browse button then navigate to this File and Submit it to be scanned. C:\WINDOWS\system32\snpcuwhq.dll can you please Copy & Paste the scan result in your next reply Step 2 Please Re-open HijackThis and select "Do a System Scan only" and place a checkmark in the boxes before the following entries: R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com O2 - BHO: (no name) - {58F197D4-E29C-4C93-844B-0EEFD3560CEE} - (no file) O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - (no file) O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\snpcuwhq.dll",realset O20 - Winlogon Notify: winexz32 - winexz32.dll (file missing) Close any Explorer windows which may be open and click the "Fix Checked" button. Step 3 Download and Install CCleaner Now Open CCleaner and select: Cleaner | Analyze | Run Cleaner Then close Now please use Internet Explorer and Run the Kaspersky On-line Scanner http://www.kaspersky.com/service?chapter=161739400 Accept the Active X object and download the latest definitions. When the scanner is ready, click Scan Settings. Select the Extended anti-virus database. Select Scan Archives & Scan Mail Bases and then ok. Click My Computer to run a full system scan. When complete, save the log to your desktop. Step 4 Re-scan with HijackThis and post: A new HJT Log The kaspersky scan log result's The Jotti results Thank You.
  11. Hello Thecockyone Go to Start | Control Panel | Add/Remove Programs and Uninstall: any item with Java Runtime Environment (JRE) in the name Restart the computer. Now CLICK HERE select the Download button next to "Java Runtime Environment (JRE) 6u1" "Accept" the License Agreement Then choose the First download link "Windows Offline Installation, Multi-language". Please note - You must Install this version Offline. Once you have done this please post a new HijackThis log and let me know how your system is running now Thank you
  12. Hello forallbueaty AVG anti-spyware only found two cookies which is fine but It's sound's like you are "Not" too happy with the Norton Anti-Virus Just remember though you should only have one anti- virus software installed to avoid confliction so please use "Add/Remove programs" to remove Norton - AV from your system first if you do opt for a change You can If you wish try the Norton Removal Tool which will uninstall all Norton 2007/2006/2005/2004/2003 products from your computer, please use Internet Explorer and Visit >>This Link<< and here are some links to some free anti-virus products : AVG Anti-Virus Avast Bit Defender ------------------------------------------------ let me know if you still think it does.. and if you wish to post a fresh HijackThis log then please do I'll be more than happy to look at it for you ourwilly
  13. Hello forallbueaty If you mean the "AVG Anti-Spyware" software then you will still need an Anti-Virus program installed to go along with it.. please note that when the AVG-AS trial ends the real-time feature will be disabled but you will still be able to use it to scan your system. Please "Disable" and then "Re-Enable" System Restore. To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account. (Windows XP) 1. Turn off System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply, and then click OK. 2. Reboot. 3. Turn ON System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. UN-Check *Turn off System Restore*. Click Apply, and then click OK. Once you have done that please try running the Norton anti-virus in Safe Mode.. Hope this helps... Thank you
  14. Hello forallbueaty Glad things are running a little better, please now download AVG Anti-Spyware 7.5 The program should launch automatically after installation. If not, double-click the desktop icon. Deactivate the "Resident Shield" as this may prevent changes to the registry. To do this, click "Change State" to the right of the Resident Shield option in the main window. You will clearly see the status change to Inactive if you have done this correctly. Now Update AVG Anti-Spyware 7.5 click the "Update" icon from the main menu. Then click the "Start Update" button. When you receive the "Update successful" prompt, close AVG AS. Note: If you have any problems with the updater, you can Update AVG Anti-Spyware 7.5 Manually. Do not Scan with this yet! Please Reboot your System into Safe Mode Shut down your system, then Restart your computer as soon as it starts booting up again continuously tap F8 from the menu select the option to enter Safe Mode Reopen AVG Anti-Spyware 7.5 and click the "Scanner" icon from the main menu. Click "Complete System Scan" to start scanning. When the scan completes, click "Recommended action" beneath the results window and select "Quarantine". Then click the "Apply all actions" button to quarantine everything detected. Then click Save report > Save report as and save the AVG Report-Scan.txt to your desktop. Then Reboot back into Normal Mode please post the AVG Anti-Spyware 7.5 Report-Scan.txt Thank you.
  15. Hello forallbueaty Please Reboot your System into Safe Mode Shut down your system, then Restart your computer as soon as it starts booting up again continuously tap F8. from the menu select the option to enter Safe Mode open the SmitfraudFix folder again and double-click smitfraudfix.cmd Select option #2 - Clean by typing 2 and press "Enter" to delete infected files. You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection. The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter". The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply. The report can also be found at the root of the system drive, usually at C:\rapport.txt In your next reply please post the "C:\rapport.txt" a new "HiJackThis" Log and let me know how your system is running Thank you.
×
×
  • Create New...