Sponsored By

therock247uk

Members
  • Content Count

    960
  • Joined

  • Last visited

Posts posted by therock247uk


  1. 1. Ok open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.e-finder.cc/search/ (obfuscated)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.e-finder.cc/search/ (obfuscated)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.e-finder.cc/search/ (obfuscated)

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.e-finder.cc/search/ (obfuscated)

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.e-finder.cc/search/ (obfuscated)

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.e-finder.cc/search/ (obfuscated)

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.e-finder.cc/search/ (obfuscated)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.e-finder.cc/search/ (obfuscated)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.e-finder.cc/search/ (obfuscated)

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.e-finder.cc/search/ (obfuscated)

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.e-finder.cc/search/ (obfuscated)

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.e-finder.cc/search/ (obfuscated)

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.e-finder.cc/search/ (obfuscated)

    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.e-finder.cc/search/ (obfuscated)

    O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\WINDOWS\dpe.dll

    O4 - HKCU\..\Run: [MSMsgSvc] C:\WINDOWS\System\MSMSGSVC.exe

    2. Reboot and delete the files.

    C:\WINDOWS\dpe.dll

    C:\WINDOWS\System\MSMSGSVC.exe

    3. Then post a new Hijackthis log here in a reply.


  2. 1. Move Hijackthis to a permanent folder like c:/hjt.

    2. Open Hijackthis from c:/hjt and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

    O3 - Toolbar: Anonymous Browsing - {14B0D0D3-D1E6-4BF6-9EEF-F050527D607D} - (no file)

    3. Then post a new Hijackthis log here in a reply.


  3. 1. This line is optional but it does take you to a site that will try and download bad things onto your computer so open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

    O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

    I recommened you Uninstall Aluria Spyware Eliminator. As the company Aluria has joined with WhenU. Here is a good link to read About what they did. http://forums.tomcoyote.org/index.php?showtopic=20626

    I dont see ncase in your log.


  4. 1. You have one of these programs running on your machine and that is good.

    Spybot s&d (Teatimer option)

    But prior to doing the fix below with Hijackthis they need to be turned off.

    Please do the following.

    Right click the running icon of Spybot's teatimer, and choose exit.

    Unless they are turned off they could interfer with the fix by Hijackthis.

    2. Open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xclcmyohkksyefjnrymb.com//AuaEX...FCvf3pQwfc5.jsp

    O4 - HKCU\..\Run: [supportStyle] C:\DOCUME~1\Owner\APPLIC~1\GLOBAL~1\MAPI PROC INTER.exe

    3. Reboot and delete the folders.

    C:\Documents and Settings\Owner\Application Data\GLOBAL~1\ < Folder starts with GLOBAL

    4. Turn Spybots teatimer back on. Then post a new Hijackthis log here in a reply.


  5. 1. Please move Hijackthis to a permanent folder like c:/ so backups can be made.

    2. Then open Hijackthis from c:/hjt and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.jshcahnvezclzjdr.us/J4HgDYXfpYr...Zn3MbhV0ABN.jpg

    O4 - HKCU\..\Run: [longbait] C:\DOCUME~1\FJS\APPLIC~1\FRAGRE~1\internetdupepure.exe

    3. Reboot and delete the folders.

    C:\Documents and Settings\FJS\Application Data\FRAGRE~1\ < Folder starts with FRAGRE

    4. Then post a new Hijackthis log here in a reply.


  6. 1. Ok first go to Start, Settings, Control Panel, Add/Remove and uninstall Viewpoint Manager and anything esle that starts with Viewpoint.

    2. Move Hijackthis into a permanent folder like c:/hjt so backups can be made. Then open Hijackthis from c:/hjt and press scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

    O2 - BHO: (no name) - {398D6858-E713-0AC3-845F-125508877F40} - C:\WINDOWS\System32\pgry.dll

    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\eber.exe

    O4 - HKCU\..\Run: [Aiuhb] C:\WINDOWS\System32\m?iexec.exe

    O4 - HKCU\..\Run: [spyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab

    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab

    O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab

    You could also fix this if you did not put the restriction on your pc. Restrictions stop you accesing certain Options in Control Panel so you cant change you homepage etc.

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    3. Reboot and delete the files.

    C:\Documents and Settings\Owner\Application Data\eber.exe

    C:\WINDOWS\System32\m?iexec.exe

    C:\WINDOWS\System32\pgry.dll

    C:\Program Files\SpyKiller

    4. Reboot again and post a new Hijackthis log here in a reply.


  7. 1. Please Move Hijackthis to a permenet folder like c:/hjt so backups can be made. Ok open Hijackthis from c:/hjt and press scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.okretcctutoyskfgmgvdxacg.com/RQ...K_B7tVIw_nm.jsp

    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.bppormeyqbspdsuqo.com/TNA8OBalZldFQy97ySXF5ptsL91FyjrdKQMNn/AUAzk.html"); (C:\Documents and Settings\Ayn-Marie\Application Data\Mozilla\Profiles\default\e8p6egms.slt\prefs.js)

    2. Reboot and post a new Hijackthis log here in a reply.


  8. 1. Move Hijackthis to a permanent folder like c:/hjt so backups can be made. Open Hijackthis from c:/hjt press scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ybhnjjvtuxiajsk.info/RQNj/2hUQm..._B7tVIw_nm.html

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.jfnpecvzmihzck.com/RQNj/2hUQmRc...a_B7tVIw_nm.htm

    O2 - BHO: (no name) - {19D93A19-C737-13F3-BD1E-855D7C1967F3} - C:\PROGRA~1\EQFLAG~1\meta test.exe (file missing)

    O2 - BHO: (no name) - {421ACFBF-5AE9-17AB-EB27-9EBBB8CCFF3F} - C:\DOCUME~1\AYN-MA~1\APPLIC~1\EQFLAG~1\meta test.exe

    O4 - HKLM\..\Run: [burn bird barb trans] C:\Documents and Settings\All Users\Application Data\tonsbatburnbird\balmhole.exe

    O4 - HKLM\..\Run: [thunk soap blah multi] C:\Documents and Settings\All Users\Application Data\win about thunk soap\PLAYMULTI.exe

    O4 - HKCU\..\Run: [hidesize] C:\DOCUME~1\AYN-MA~1\APPLIC~1\ADMINS~1\pure peak.exe

    2. Reboot and delete the folders.

    C:\Program Files\EQFLAG~1\ < Folder starts with EQFLAG

    C:\Documents and Settings\AYN-MA~1\Application Data\EQFLAG~1\ < Folder starts with EQFLAG

    C:\Documents and Settings\All Users\Application Data\tonsbatburnbird\

    C:\Documents and Settings\All Users\Application Data\win about thunk soap\

    C:\Documents and Settings\AYN-MA~1\Application Data\ADMINS~1\ < Folder starts with ADMINS

    3. Then post a new Hijackthis log here in a reply.


  9. 1. Move Hijackthis to a perment folder like c:/hjt so backups can be made. Ok open Hijackthis from c:/hjt and press scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - Default URLSearchHook is missing

    O2 - BHO: (no name) - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - (no file)

    O4 - HKLM\..\Run: [enss] C:\WINDOWS\System32\enss.exe

    O4 - HKLM\..\Run: [QBRSR] C:\WINDOWS\QuickBrowser.exe

    O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"

    O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\sysdoor.exe

    O4 - HKCU\..\Run: [\Pribi.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe

    O4 - HKCU\..\Run: [jgsd400] C:\WINDOWS\System32\jgsd400.exe

    O4 - HKCU\..\Run: [ipmontr] C:\WINDOWS\System32\ipmontr.exe

    O4 - HKCU\..\Run: [ipxpromn] C:\WINDOWS\System32\ipxpromn.exe

    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

    O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab

    2. Reboot and delete the following files.

    C:\WINDOWS\System32\enss.exe

    C:\WINDOWS\QuickBrowser.exe

    C:\WINDOWS\System32\sysdoor.exe

    C:\WINDOWS\System32\jgsd400.exe

    C:\WINDOWS\System32\ipmontr.exe

    C:\WINDOWS\System32\ipxpromn.exe

    3. Delete the folders.

    C:\Documents and Setting\AllUsers\Application data\Pribi\

    C:\Program Files\Ebates_MoeMoneyMaker\

    4. Go to Start, Settings, Control Panel, Add/Remove and uninstall Viewpoiont Manager.

    5. Then post a new Hijackthis log here in a reply.