therock247uk

Members
  • Content Count

    960
  • Joined

  • Last visited

Everything posted by therock247uk

  1. Your log is clean Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications: Spywareblaster <= SpywareBlaster will prevent spyware from being installed. Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts. How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware. How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware. To protect yourself further: IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer Google Toolbar <= Get the free google toolbar to help stop pop up windows. I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis. Credit to PGPhantom for canned speech.
  2. Ok download a newer Hijackthis version 1.99.1 from http://merijn.org/files/HijackThis.exe and post a new log here in a reply from it. Also see if you can find the file wauctlxp4.exe by showing all hidden files go here for instructions. http://www.xtra.co.nz/help/0,,4155-1916458,00.html
  3. 1. Go into safemode by tapping f8 when the PC starts up you will get a menu select safemode. 2. Open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis. O2 - BHO: (no name) - {0E234239-88FF-11D2-8446-D7234234421F} - C:\WINNT\system32\msasmsn7.dll (file missing) O4 - HKLM\..\Run: [sndPnpMix] C:\WINNT\system32\wauctlxp4.exe 3. Delete the files. C:\WINNT\system32\wauctlxp4.exe 4. Reboot back into normal mode and post a new Hijackthis log here in a reply.
  4. 1. Open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis. If Spywareguard asks you for any changes say yes. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = , O2 - BHO: (no name) - {0E234239-88FF-11D2-8446-D7234234421F} - C:\WINNT\system32\msasmsn7.dll O4 - HKLM\..\Run: [PerformCl] C:\WINNT\system32\perfcl.exe O4 - HKLM\..\Run: [sndPnpMix] C:\WINNT\system32\wauctlxp4.exe 2. Reboot and delete the files. C:\WINNT\system32\msasmsn7.dll C:\WINNT\system32\perfcl.exe C:\WINNT\system32\wauctlxp4.exe 3. Then post a new Hijackthis log here in a reply.
  5. No problem moving this topic into the Hijackthis logs resolved forum.
  6. Your log is clean Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications: Spywareblaster <= SpywareBlaster will prevent spyware from being installed. Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts. How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware. How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware. To protect yourself further: IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer Google Toolbar <= Get the free google toolbar to help stop pop up windows. I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis. Credit to PGPhantom for canned speech.
  7. 1. Open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchby.net/ 2. Then post a new Hijackthis log here in a reply.
  8. 1. Go to Start > Settings > Control panel > Add/remove and uninstall Viewpoint Manager. 2. Open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com O4 - HKLM\..\Run: [6dt1iphf.exe] C:\WINDOWS\6dt1iphf.exe /dk O4 - Startup: 6dt1iphf.lnk = C:\WINDOWS\6dt1iphf.exe O4 - Global Startup: 6dt1iphf.lnk = C:\WINDOWS\6dt1iphf.exe O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...dra/ext360.html O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/118923f433b4c09d2f00/...ip/RdxIE601.cab O20 - Winlogon Notify: Guardian - C:\WINDOWS\system32\msg121.dll (file missing) 3. Reboot and delete the files. C:\WINDOWS\6dt1iphf.exe C:\WINDOWS\system32\msg121.dll 4. Then post a new Hijackthis log here in a reply.
  9. 1. Download about:buster by RubbeRDuckY Here. Save the file somewhere you will remember like to the Desktop. Please run about:buster by RubbeRDuckY: Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created. Navigate to the AboutBuster directory and double-click on AboutBuster.exe. Click "OK" at the prompt with instructions. Click "Update" and then "Check For Update" to begin the update process. If any updates exist please download them by clicking "Download Update" then click the X to close that window. Boot into safemode again. Open About:buster again Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams. Click Yes to allow it to shutdown explorer.exe. It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so. When it has finished, click Save Log. Make sure you save it as I may need a copy of it later. 2. Reboot back into normal mode and download http://osc.geekstogo.com/cwsserviceremove.reg run it it will ask to merge into the registery say yes. 3. Download and run http://cwshredder.net/bin/CWShredder.exe click fix. 4. Then post the about:buster log and a new Hijackthis log here in a reply.
  10. 1. Go into safemode again. 2. While in safemode open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchby.net/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/ O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll (file missing) O4 - HKLM\..\Run: [sdkuf32.exe] C:\WINDOWS\sdkuf32.exe O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\sdkyy.exe (file missing) 3. Delete the files. If there C:\WINDOWS\sdkuf32.exe C:\WINDOWS\system32\sdkyy.exe 4. Reboot back into normal mode and post a new Hijackthis log here in a reply.
  11. 1. Make sure your PC is set to show hidden files http://www.xtra.co.nz/help/0,,4155-1916458,00.html Go into safemode go here for instructions. http://service1.symantec.com/SUPPORT/tsgen...001052409420406 2. While in safemode open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\engcm.dll/sp.html#28129 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\engcm.dll/sp.html#28129 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\engcm.dll/sp.html#28129 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\engcm.dll/sp.html#28129 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\engcm.dll/sp.html#28129 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\engcm.dll/sp.html#28129 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\engcm.dll/sp.html#28129 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {BFD9FA3A-C0CE-30AE-2B7C-0F987054EF24} - C:\WINDOWS\system32\netij.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll (file missing) O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_17_0.dll (file missing) O4 - HKLM\..\Run: [sdkuf32.exe] C:\WINDOWS\sdkuf32.exe O4 - HKLM\..\Run: [d3mf.exe] C:\WINDOWS\system32\d3mf.exe O4 - HKLM\..\RunOnce: [crjk.exe] C:\WINDOWS\system32\crjk.exe O4 - HKLM\..\RunOnce: [sysnl.exe] C:\WINDOWS\system32\sysnl.exe O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\sdkyy.exe (file missing) 3. Delete the files. C:\WINDOWS\engcm.dll C:\WINDOWS\system32\netij.dll C:\WINDOWS\sdkuf32.exe C:\WINDOWS\system32\d3mf.exe C:\WINDOWS\system32\crjk.exe C:\WINDOWS\system32\sysnl.exe C:\WINDOWS\system32\sdkyy.exe 4. Reboot back into normal mode and post a new Hijackthis log here in a reply.
  12. No if you have the problem again post a new log. This thread will be moved into a read only forum HijackThis Logs (Resolved) soon.
  13. Log looks clean Are you having any problems?
  14. 1. Disable Spybots teatimer and SpySweeper. 2. Open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis. O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) 3. Reenable Spybots teatimer and SpySweeper and post a new Hijackthis log here in a reply.
  15. Can you post a new fresh Hijackthis log things might of changed a little from your last log.
  16. therock247uk

    Alexx

    1. Open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis. R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Zero Popup Pro - {EB23F789-F17F-4bcc-988B-6B70A3A67E9C} - G:\PROGRA~1\Internet\Schutz\ZEROPO~1\ZERO-P~1.DLL 2. Reboot and delete the folder. G:\Program Files\Internet\Schutz\ZEROPO~1 < Folder starts with ZEROPO 3. Then post a new Hijackthis log here in a reply.
  17. 1. Open Hijackthis again and click scan. Then tick and fix the following in hijackthis with all windows closed except Hijackthis. O4 - HKLM\..\Run: [Norton Antivirus AV] C:\WINNT\FVProtect.exe 2. Reboot and delete the files. You may need to have show hidden files on go here for instructions. http://www.xtra.co.nz/help/0,,4155-1916458,00.html C:\WINNT\FVProtect.exe 3. Then post a new Hijackthis log here in a reply.
  18. 1. Ok open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fdwkjtidbzrhmcggqgcxiv.com/OXyx...3RExiWFfBO.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fovtsckjwugaan.net/OXyxLknVMs/9.../YuGsKzCno.html O2 - BHO: (no name) - {F7E1CF3A-557A-24D8-95FF-8473E7A26E10} - C:\DOCUME~1\ADMINI~1\APPLIC~1\MFCDVI~1\cakebin.exe O4 - HKLM\..\Run: [Norton Antivirus AV] C:\WINNT\FVProtect.exe O4 - HKLM\..\Run: [driveokaydebugstyle] C:\Documents and Settings\All Users\Application Data\roamoncedriveokay\upslow.exe O4 - HKLM\..\RunServices: [Configuration Loader] cmd32.exe O4 - HKLM\..\RunServices: [Microsoft .NET Configurator] msnconfig.exe O4 - HKCU\..\Run: [setup Style] C:\DOCUME~1\ADMINI~1\APPLIC~1\DRVREG~1\64jumpdebug.exe O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/pcpowerscan.cab O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://www.wildtangent.com/install/wdriver...soft/wtinst.cab 2. Reboot and delete the folders. C:\Documents and Settings\Administrator\Application Data\MFCDVI~1\ < Folder starts with MFCDVI C:\Documents and Settings\All Users\Application Data\roamoncedriveokay\ C:\Documents and Settings\Administrator\Application Data\DRVREG~1\ < Folder starts with DRVREG 3. Delete the files. C:\WINNT\FVProtect.exe cmd32.exe < Should be in C:\WINNT\System32 msnconfig.exe < Should be in C:\WINNT\System32 or C:\WINNT\ 4. Then post a new Hijackthis log here in a reply.
  19. I dont see any baddies there you could fix these lines in Hijackthis tho. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O2 - BHO: (no name) - {E5A1691B-D188-4419-AD02-90002030B8EE} - (no file) But as i said i dont see anything bad there.
  20. The log looks clean lots of AOL crap there but it looks clean. What do you mean computer acting weird?
  21. That log looks clean here What problems are you having?
  22. 1. Please post a new current log here in a reply as i cant tell which log above is the current one.
  23. 1. Ok open Hijakckthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R3 - Default URLSearchHook is missing O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing) O2 - BHO: No description - {88CC91DE-5930-45AD-9E04-6B1233609FEA} - C:\WINDOWS\System32\qem1D77.dll O4 - HKLM\..\Run: [zyh] C:\WINDOWS\zyh.exe O4 - HKLM\..\Run: [igvlmyrq] C:\WINDOWS\System32\gxujvmr.exe 2. Reboot and delete the files if found. C:\WINDOWS\multimpp.dll C:\WINDOWS\System32\qem1D77.dll C:\WINDOWS\zyh.exe C:\WINDOWS\System32\gxujvmr.exe 3. Then post a new Hijackthis log here in a reply.