therock247uk

Members
  • Content Count

    960
  • Joined

  • Last visited

Everything posted by therock247uk

  1. 1. Ok open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.e-finder.cc/search/ (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.e-finder.cc/search/ (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.e-finder.cc/search/ (obfuscated) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.e-finder.cc/search/ (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.e-finder.cc/search/ (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.e-finder.cc/search/ (obfuscated) R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.e-finder.cc/search/ (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.e-finder.cc/search/ (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.e-finder.cc/search/ (obfuscated) R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.e-finder.cc/search/ (obfuscated) R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.e-finder.cc/search/ (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.e-finder.cc/search/ (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.e-finder.cc/search/ (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.e-finder.cc/search/ (obfuscated) O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\WINDOWS\dpe.dll O4 - HKCU\..\Run: [MSMsgSvc] C:\WINDOWS\System\MSMSGSVC.exe 2. Reboot and delete the files. C:\WINDOWS\dpe.dll C:\WINDOWS\System\MSMSGSVC.exe 3. Then post a new Hijackthis log here in a reply.
  2. Woah what an old version of Hijackthis you have. Can you please download a newer Hijackthis version 1.98.2 from http://www.spywareinfo.com/~merijn/files/hijackthis.zip Unzip it into a permanent folder like c:/hjt and post a new Hijackthis log here in a reply from it.
  3. Which programs are running in the taskbar?
  4. Still having any problems?
  5. 1. Move Hijackthis to a permanent folder like c:/hjt. 2. Open Hijackthis from c:/hjt and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm O3 - Toolbar: Anonymous Browsing - {14B0D0D3-D1E6-4BF6-9EEF-F050527D607D} - (no file) 3. Then post a new Hijackthis log here in a reply.
  6. 1. This line is optional but it does take you to a site that will try and download bad things onto your computer so open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis. O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html I recommened you Uninstall Aluria Spyware Eliminator. As the company Aluria has joined with WhenU. Here is a good link to read About what they did. http://forums.tomcoyote.org/index.php?showtopic=20626 I dont see ncase in your log.
  7. No problem Go here for Infomation on how to prevent Reinfection. http://forums.net-integration.net/index.php?showtopic=3051
  8. Log is clean That Searchbar gone?
  9. 1. Open Hijackthis again and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tvirauwjxvqaoadhjydoi.biz//AuaE...Cvf3pQwfc5.html 2. Then post a new Hijackthis log here in a reply.
  10. 1. You have one of these programs running on your machine and that is good. Spybot s&d (Teatimer option) But prior to doing the fix below with Hijackthis they need to be turned off. Please do the following. Right click the running icon of Spybot's teatimer, and choose exit. Unless they are turned off they could interfer with the fix by Hijackthis. 2. Open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xclcmyohkksyefjnrymb.com//AuaEX...FCvf3pQwfc5.jsp O4 - HKCU\..\Run: [supportStyle] C:\DOCUME~1\Owner\APPLIC~1\GLOBAL~1\MAPI PROC INTER.exe 3. Reboot and delete the folders. C:\Documents and Settings\Owner\Application Data\GLOBAL~1\ < Folder starts with GLOBAL 4. Turn Spybots teatimer back on. Then post a new Hijackthis log here in a reply.
  11. 1. Please move Hijackthis to a permanent folder like c:/ so backups can be made. 2. Then open Hijackthis from c:/hjt and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.jshcahnvezclzjdr.us/J4HgDYXfpYr...Zn3MbhV0ABN.jpg O4 - HKCU\..\Run: [longbait] C:\DOCUME~1\FJS\APPLIC~1\FRAGRE~1\internetdupepure.exe 3. Reboot and delete the folders. C:\Documents and Settings\FJS\Application Data\FRAGRE~1\ < Folder starts with FRAGRE 4. Then post a new Hijackthis log here in a reply.
  12. What problem are you having with the Web search Results?
  13. Its best to leave them lines alone.
  14. Log is clean What problems are you having?
  15. Ok your log is clean Go here for Infomation on how to prevent Reinfection. http://forums.net-integration.net/index.php?showtopic=3051
  16. Ok your log is clean You may want to fix this in Hijackthis as people have reported it sends Infomation about what you do. O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE Go here for Infomation on how to prevent Reinfection. http://forums.net-integration.net/index.php?showtopic=3051
  17. 1. Ok first go to Start, Settings, Control Panel, Add/Remove and uninstall Viewpoint Manager and anything esle that starts with Viewpoint. 2. Move Hijackthis into a permanent folder like c:/hjt so backups can be made. Then open Hijackthis from c:/hjt and press scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm O2 - BHO: (no name) - {398D6858-E713-0AC3-845F-125508877F40} - C:\WINDOWS\System32\pgry.dll O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\eber.exe O4 - HKCU\..\Run: [Aiuhb] C:\WINDOWS\System32\m?iexec.exe O4 - HKCU\..\Run: [spyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab You could also fix this if you did not put the restriction on your pc. Restrictions stop you accesing certain Options in Control Panel so you cant change you homepage etc. O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present 3. Reboot and delete the files. C:\Documents and Settings\Owner\Application Data\eber.exe C:\WINDOWS\System32\m?iexec.exe C:\WINDOWS\System32\pgry.dll C:\Program Files\SpyKiller 4. Reboot again and post a new Hijackthis log here in a reply.
  18. 1. Please Move Hijackthis to a permenet folder like c:/hjt so backups can be made. Ok open Hijackthis from c:/hjt and press scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.okretcctutoyskfgmgvdxacg.com/RQ...K_B7tVIw_nm.jsp N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.bppormeyqbspdsuqo.com/TNA8OBalZldFQy97ySXF5ptsL91FyjrdKQMNn/AUAzk.html"); (C:\Documents and Settings\Ayn-Marie\Application Data\Mozilla\Profiles\default\e8p6egms.slt\prefs.js) 2. Reboot and post a new Hijackthis log here in a reply.
  19. 1. Move Hijackthis to a permanent folder like c:/hjt so backups can be made. Open Hijackthis from c:/hjt press scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ybhnjjvtuxiajsk.info/RQNj/2hUQm..._B7tVIw_nm.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.jfnpecvzmihzck.com/RQNj/2hUQmRc...a_B7tVIw_nm.htm O2 - BHO: (no name) - {19D93A19-C737-13F3-BD1E-855D7C1967F3} - C:\PROGRA~1\EQFLAG~1\meta test.exe (file missing) O2 - BHO: (no name) - {421ACFBF-5AE9-17AB-EB27-9EBBB8CCFF3F} - C:\DOCUME~1\AYN-MA~1\APPLIC~1\EQFLAG~1\meta test.exe O4 - HKLM\..\Run: [burn bird barb trans] C:\Documents and Settings\All Users\Application Data\tonsbatburnbird\balmhole.exe O4 - HKLM\..\Run: [thunk soap blah multi] C:\Documents and Settings\All Users\Application Data\win about thunk soap\PLAYMULTI.exe O4 - HKCU\..\Run: [hidesize] C:\DOCUME~1\AYN-MA~1\APPLIC~1\ADMINS~1\pure peak.exe 2. Reboot and delete the folders. C:\Program Files\EQFLAG~1\ < Folder starts with EQFLAG C:\Documents and Settings\AYN-MA~1\Application Data\EQFLAG~1\ < Folder starts with EQFLAG C:\Documents and Settings\All Users\Application Data\tonsbatburnbird\ C:\Documents and Settings\All Users\Application Data\win about thunk soap\ C:\Documents and Settings\AYN-MA~1\Application Data\ADMINS~1\ < Folder starts with ADMINS 3. Then post a new Hijackthis log here in a reply.
  20. Do you mean tick and fix everything in Hijackthis?
  21. Ok well your clean a bit to clean Go here for Infomation on how to prevent Reinfection. http://forums.net-integration.net/index.php?showtopic=3051
  22. Can you please post the full log that looks very very small to me
  23. 1. Move Hijackthis to a perment folder like c:/hjt so backups can be made. Ok open Hijackthis from c:/hjt and press scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - (no file) O4 - HKLM\..\Run: [enss] C:\WINDOWS\System32\enss.exe O4 - HKLM\..\Run: [QBRSR] C:\WINDOWS\QuickBrowser.exe O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe" O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\sysdoor.exe O4 - HKCU\..\Run: [\Pribi.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe O4 - HKCU\..\Run: [jgsd400] C:\WINDOWS\System32\jgsd400.exe O4 - HKCU\..\Run: [ipmontr] C:\WINDOWS\System32\ipmontr.exe O4 - HKCU\..\Run: [ipxpromn] C:\WINDOWS\System32\ipxpromn.exe O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU) O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab 2. Reboot and delete the following files. C:\WINDOWS\System32\enss.exe C:\WINDOWS\QuickBrowser.exe C:\WINDOWS\System32\sysdoor.exe C:\WINDOWS\System32\jgsd400.exe C:\WINDOWS\System32\ipmontr.exe C:\WINDOWS\System32\ipxpromn.exe 3. Delete the folders. C:\Documents and Setting\AllUsers\Application data\Pribi\ C:\Program Files\Ebates_MoeMoneyMaker\ 4. Go to Start, Settings, Control Panel, Add/Remove and uninstall Viewpoiont Manager. 5. Then post a new Hijackthis log here in a reply.