therock247uk

Members
  • Content Count
    960

About therock247uk

  • Rank
    Malware Killer
  • Birthday 12/14/1986

Profile Information

  • Location
    Newark, Nottingham, UK

Recent Profile Visitors

8323 profile views
  1. therock247uk

    What's your Internet speed?

    LOL
  2. therock247uk

    What's your Internet speed?

    wow @ upload
  3. therock247uk

    Combo Fix Installed Per Therock247uk

    Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

    1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

       R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
       O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
       O20 - AppInit_DLLs: equkpe.dll

    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

    When you are finished, post a new HijackThis log here in a reply. Also, please let me know of any problems you may have encountered.
  4. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
  5. OK, let's see a new Hijackthis log.
  6. Download ComboFix from one of these locations: Link 1 Link 2

     * IMPORTANT !!! Save ComboFix.exe to your Desktop

     • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
     • Double click on ComboFix.exe & follow the prompts.
     • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

     **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

     Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

     Click on Yes, to continue scanning for malware.

     When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  7. Download the GMER Rootkit Scanner. Unzip it to your Desktop.

     Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

     • Double-click gmer.exe. The program will begin to run.

     **Caution** These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst.

     • If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click NO.
     • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is Unchecked.
     • Now click the Scan button. Once the scan is complete, you may receive another notice about rootkit activity. Click OK.
     • GMER will produce a log. Click on the [save..] button, and in the File name area, type in "GMER.txt".
     • Save it where you can easily find it, such as your desktop.

     Post the contents of GMER.txt in your next reply.
  8. Make sure to use Internet Explorer for this.

     Please go to VirSCAN.org FREE on-line scan service.

     • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

       c:\windows\system32\zamopage.dll

     • Click on the Upload button.
     • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
     • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
     • Paste the contents of the Clipboard in your next reply.
  9. Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

     1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

        O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
        O20 - AppInit_DLLs: pvfwnn.dll smuwtr.dll c:\windows\system32\zamopage.dll
        O23 - Service: McAfee Application Installer Cleanup (0034251238712769) (0034251238712769mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\GARYRI~1\LOCALS~1\Temp\003425~1.EXE
        O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32aspnet_state (clr_optimization_v2.0.50727_32aspnet_state) - Unknown owner - C:\WINDOWS\TEMP\9C.tmp.exe (file missing)
        O23 - Service: Windows Media Player Network Sharing Service WMPNetworkSvcMcNASvc (WMPNetworkSvcMcNASvc) - Unknown owner - C:\WINDOWS\TEMP\26.tmp.exe (file missing)

     2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

     Please download ATF Cleaner by Atribune.

     • Double-click ATF-Cleaner.exe to run the program.
     • Under Main choose: Select All
     • Click the Empty Selected button.

     If you use Firefox browser

     • Click Firefox at the top and choose: Select All
     • Click the Empty Selected button.
     • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

     If you use Opera browser

     • Click Opera at the top and choose: Select All
     • Click the Empty Selected button.
     • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

     Click Exit on the Main menu to close the program.

     When you are finished, post a new HijackThis log here in a reply. Also, please let me know of any problems you may have encountered.
  10. Looking good, can I see a fresh Hijackthis log please? Also, how are things running?
  11. therock247uk

    Combo Fix Installed Per Therock247uk

    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1 Link 2 Link 3

    Double click on Combo-Fix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.
  12. Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

      Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix).

      Please then reboot your computer in Safe Mode by doing the following:

      • Restart your computer.
      • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
      • Instead of Windows loading as normal, the Advanced Options Menu should appear.
      • Select the first option, to run Windows in Safe Mode, then press Enter.
      • Choose your usual account.

      Then run the fix:

      • Open the extracted SDFix folder and double click RunThis.bat to start the script.
      • Type Y to begin the cleanup process.
      • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
      • Press any Key and it will restart the PC.
      • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
      • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
      • Finally paste the contents of the Report.txt back on the forum.
  13. therock247uk

    Combo Fix Installed Per Therock247uk

    Asking a few other helpers, I'll be back with some ideas.
  14. Mrbill, don't post advice in this forum, thanks. Rig, can I see a new Hijackthis log?
  15. therock247uk

    Combo Fix Installed Per Therock247uk

    Still having issues from last night in chat with running it?