Sponsored By

therock247uk

Members
  • Content Count

    960
  • Joined

  • Last visited

Posts posted by therock247uk


  1. Your log is clean :)

    Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

    • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
    • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
    • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
    • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

    To protect yourself further:

    • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
    • Google Toolbar <= Get the free google toolbar to help stop pop up windows.

    I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.


  2. 1. Open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - Default URLSearchHook is missing

    O4 - HKLM\..\Run: [0ce80unc.dll] RUNDLL32.EXE 0ce80unc.dll,b 660046376

    2. Then post a new Hijackthis log here in a reply.


  3. You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

    Please download AproposFix from here:

    http://swandog46.geekstogo.com/aproposfix.exe

    Save it to your desktop but do NOT run it yet.

    Then please reboot your computer in Safe Mode by doing the following:

    1) Restart your computer

    2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

    3) Instead of Windows loading as normal, a menu should appear

    4) Select the first option, to run Windows in Safe Mode.

    Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

    When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.


  4. Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

    • Click the Free Trial link under to "SpySweeper" to download the program.
    • Install it. Once the program is installed, it will open.
    • It will prompt you to update to the latest definitions, click Yes.
    • Once the definitions are installed, click Options on the left side.
    • Click the Sweep Options tab.
    • Under What to Sweep please put a check next to the following:

      • Sweep Memory
      • Sweep Registry
      • Sweep Cookies
      • Sweep All User Accounts
      • Enable Direct Disk Sweeping
      • Sweep Contents of Compressed Files
      • Sweep for Rootkits
      • Please UNCHECK Do not Sweep System Restore Folder.

      [*]Click Sweep Now on the left side.

      [*]Click the Start button.

      [*]When it's done scanning, click the Next button.

      [*]Make sure everything has a check next to it, then click the Next button.

      [*]It will remove all of the items found.

      [*]Click Session Log in the upper right corner, copy everything in that window.

      [*]Click the Summary tab and click Finish.

      [*]Paste the contents of the session log you copied into your next reply.


  5. Close any programs you have open since this step requires a reboot.

    From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter. It will process then start. Your desktop and icons will disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, it will be ready for a reboot. Press any key to reboot. After the reboot notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

    IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

    If after the reboot the log does not open double click on it in the l2mfix folder.


  6. You have the latest version of VX2. Download L2mfix from:

    http://www.atribune.org/downloads/l2mfix.exe

    Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

    IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

    if you receive, while running option #1, an error similar like: ''C:\windows\system32\cmd.exe,C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application.."...then please use option 5 or the web page link in the l2mfix folder to solve this error condition. do not run the fix portion without fixing this first.


  7. Please download ewido security suite it is a trial version of the program.

    • Install ewido security suite
    • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    • Launch ewido, there should be an icon on your desktop double-click it.
    • The program will now go to the main screen

    You will need to update ewido to the latest definition files.

    • On the left hand side of the main screen click update
    • Then click on Start Update

    The update will start and a progress bar will show the updates being installed.

    If you are having problems with the updater, you can use this link to manually update ewido.

    ewido manual updates

    Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

    Open Ewido again

    • Click on scanner
    • Click on Complete System Scan and the scan will begin.
    • While the scan is in progress you will be prompted to clean files, click OK
    • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
    • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    • Click Save report.
    • Save the report .txt file to your desktop.

    Now close ewido security suite.

    Reboot and Post the report Ewido made and a new Hijackthis log here in a reply.


  8. 1. Open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    2. Then post a new Hijackthis log here in a reply.


  9. Your log is clean :)

    Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

    • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
    • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
    • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
    • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

    To protect yourself further:

    • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
    • Google Toolbar <= Get the free google toolbar to help stop pop up windows.

    I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.


  10. 1. Make sure your PC is set to show all hidden files and folders go here for instructions on how to do this. http://www.xtra.co.nz/help/0,,4155-1916458,00.html

    2. Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

    3. While in safemode open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fxbmh.dll/sp.html#93256

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fxbmh.dll/sp.html#93256

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\BLANK.HTM

    R3 - Default URLSearchHook is missing

    O2 - BHO: Class - {BAF90AF4-4A3B-FBEB-2AC8-B906DF47DCF3} - C:\WINDOWS\WINTE.DLL (file missing)

    O2 - BHO: Class - {EA24E122-57CE-2E4F-6D27-58AE8ECF4AA3} - C:\WINDOWS\SYSTEM\WINKE.DLL

    O4 - HKLM\..\Run: [D3OG.EXE] C:\WINDOWS\D3OG.EXE

    O4 - HKLM\..\Run: [A033.TMP] C:\WINDOWS\TEMP\A033.TMP.exe

    O4 - HKLM\..\Run: [A033.TMP.EXE] C:\WINDOWS\TEMP\A033.TMP.EXE

    O4 - HKLM\..\RunServices: [iPWJ32.EXE] C:\WINDOWS\SYSTEM\IPWJ32.EXE /s

    O16 - DPF: {0A742471-6B4B-4419-A0B2-68E4A9FF5ACD} (BTLocalAPI.BTlocal) -

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/16b8a2adbd1acc...ip/RdxIE601.cab

    O19 - User stylesheet: (file missing)

    O21 - SSODL: systemie - {A288F2E0-0D92-11D8-B026-0040F46A2018} - sysie.dll (file missing)

    4. Delete the files. (if present)

    C:\WINDOWS\fxbmh.dll

    C:\WINDOWS\SYSTEM\WINKE.DLL

    C:\WINDOWS\D3OG.EXE

    C:\WINDOWS\TEMP\A033.TMP.exe

    C:\WINDOWS\TEMP\A033.TMP.EXE

    C:\WINDOWS\SYSTEM\IPWJ32.EXE

    5. Reboot and post a new Hijackthis log here in a reply.


  11. Your log is clean :)

    Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

    • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
    • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
    • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
    • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

    To protect yourself further:

    • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
    • Google Toolbar <= Get the free google toolbar to help stop pop up windows.

    I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

    Credit to PGPhantom for canned speech.


  12. Please print these instructions out for use in Safe Mode.

    Please download VundoFix.exe to your desktop.

    • Double-click VundoFix.exe to extract the files
    • This will create a VundoFix folder on your desktop.
    • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
    • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
    • You will first be presented with a warning and a list of forums to seek help at.
      it should look like this
      VundoFix V2.1 by Atri
      By using VundoFix you agree that you are doing so at your own risk
      This list of forums is provided as an example of where to go to obtain help!!
      http://www.atribune.org/forums
      http://www.247fixes.com/forums
      http://www.geekstogo.com/forum
      http://forums.net-integration.net
      http://castlecops.com/forums.html
      http://www.besttechie.net/forums
      Press enter to continue....
    • At this point press enter one time.
    • Next you will see:
      Type in the filepath as instructed by the forum staff
      Then Press Enter, Then F6, Then Enter Again to continue with the fix.
    • At this point please type the following file path (make sure to enter it exactly as below!):
      • C:\WINDOWS\system32\vtsqq.dll

      [*]Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.

      [*] Next you will see:

      Please type in the second filepath as instructed by the forum staff

      Then Press Enter, Then F6, Then Enter Again to continue with the fix.

      [*]At this point please type the following file path (make sure to enter it exactly as below!):

      • C:\WINDOWS\system32\qqstv.*

      [*]Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.

      [*]The fix will run then HijackThis will open.

      [*]In HiJackThis, please place a check next to the following items and click FIX CHECKED:

      • O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
        O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\vtsqq.dll
        O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
        O20 - Winlogon Notify: vtsqq - C:\WINDOWS\system32\vtsqq.dll

      [*]After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.

      [*]Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!

      [*]Once your machine reboots please continue with the instructions below.

    Download and install CleanUp!

    Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).

    Set the program up as follows:

    Click "Options..."

    Move the arrow down to "Custom CleanUp!"

    Put a check next to the following (Make sure nothing else is checked!):

    • Empty Recycle Bins
    • Delete Cookies
    • Delete Prefetch files
    • Cleanup! All Users

    Click OK

    Press the CleanUp! button to start the program.

    It may ask you to reboot at the end, click NO.

    Then, please run this online virus scan: ActiveScan

    Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.


  13. Your log is clean :)

    Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

    • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
    • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
    • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
    • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

    To protect yourself further:

    • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
    • Google Toolbar <= Get the free google toolbar to help stop pop up windows.

    I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

    Credit to PGPhantom for canned speech.


  14. 1. Open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)

    2. Then post a new Hijackthis log here in a reply.


  15. Please print these instructions out for use in Safe Mode.

    Please download VundoFix.exe to your desktop.

    • Double-click VundoFix.exe to extract the files
    • This will create a VundoFix folder on your desktop.
    • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
    • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
    • You will first be presented with a warning and a list of forums to seek help at.
      it should look like this
      VundoFix V2.1 by Atri
      By pressing enter you agree that you are using this at your own risk
      Please seek assistance at one of the following forums:
      http://www.atribune.org/forums
      http://www.247fixes.com/forums
      http://www.geekstogo.com/forum
      http://forums.net-integration.net
      http://www.besttechie.net/forums/
    • At this point press enter one time.
    • Next you will see:
      Type in the filepath as instructed by the forum staff
      Then Press Enter, Then F6, Then Enter Again to continue with the fix.
    • At this point please type the following file path (make sure to enter it exactly as below!):
      • C:\WINDOWS\System32\gebyy.dll

      [*]Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.

      [*] Next you will see:

      Please type in the second filepath as instructed by the forum staff

      Then Press Enter, Then F6, Then Enter Again to continue with the fix.

      [*]At this point please type the following file path (make sure to enter it exactly as below!):

      • C:\WINDOWS\System32\yybeg.*

      [*]Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.

      [*]The fix will run then HijackThis will open.

      [*]In HiJackThis, please place a check next to the following items and click FIX CHECKED:

      • R3 - Default URLSearchHook is missing
        O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\System32\gebyy.dll
        O20 - Winlogon Notify: gebyy - C:\WINDOWS\System32\gebyy.dll

      [*]After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.

      [*]Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!

      [*]Once your machine reboots please continue with the instructions below.

    Download and install CleanUp!

    Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).

    Set the program up as follows:

    Click "Options..."

    Move the arrow down to "Custom CleanUp!"

    Put a check next to the following (Make sure nothing else is checked!):

    • Empty Recycle Bins
    • Delete Cookies
    • Delete Prefetch files
    • Cleanup! All Users

    Click OK

    Press the CleanUp! button to start the program.

    It may ask you to reboot at the end, click NO.

    Then, please run this online virus scan: ActiveScan

    Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.


  16. Your log is clean :)

    Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

    • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
    • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
    • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
    • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

    To protect yourself further:

    • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
    • Google Toolbar <= Get the free google toolbar to help stop pop up windows.

    I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

    Credit to PGPhantom for canned speech.