Trevuren

Trusted Malware Techs
  • Content Count

    246
  • Joined

  • Last visited

Everything posted by Trevuren

  1. Hi vixenelle, I have been replying to your post in another forum. I can't see the use of maintaining both threads. I recommend closure of this thread. Trevuren
  2. Hi coggley, Sorry to hear that you are running into problems with some of these fixes. No matter, we usually have backup methods to help people through this. Please try this, it does the same thing. I am seriously thinking about changing this to my main fix.

     Please download DelDomains 2002
     Right-click on the deldomains.inf file and select Install
     Once it is finished your Zones should be reset.
     REBOOT

     Note, if you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection.

     Don't forget to send me the fresh log for review. Regards, Trevuren
  3. Hi Dave,

     1) You are still running HijackThis from a Temporary folder. I think this will be easier for you: try putting HJT here: C:\HijackThis\Hijackthis.exe

     2) I think that your system may be suffering from an infection that some call: ABOUT:BLANK v 2/4 WXP/2K with running service, others just call Dr Watson Debugger. To confirm this diagnosis, we need a start page and a Search Page, both of which are missing from your log so let's go get them back. Open Internet Explorer>>Tools>>Reset Web Settings. Place a checkmark in the box and click YES. Exit Internet Explorer and REBOOT your system

     3) Now we will try and get rid of some of those pesky O15 entries in HijackThis. Copy the data from the code box below to a notepad file. Save to the DESKTOP (so you can find it) as ALL FILES, with the name of KILLTRUSTED.REG Then double click the file - when it asks say yes to merging with the registry.

         REGEDIT4

         [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
         [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
         [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
         [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
         [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
         [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
         [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
         [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]

     If you have IE-SPYAD installed it will need to be reinstalled as this will wipe all the trusted and restricted zones from the system. REBOOT your system

     4) With all windows closed except HJT, run HijackThis, SCAN, produce a log and POST it into this thread.

     Regards, Trevuren
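The zone reset in the two replies above (DelDomains and KILLTRUSTED.REG) wipes every Trusted and Restricted site entry, so it helps to record what is there first. As an added example, not part of the original posts: a Python parser that inventories a REGEDIT4 export of ZoneMap\Domains by zone. The export text is constructed sample data (greg-search.com is the O15 entry from the log on this page, the .example hosts are made up), and the name zone_inventory is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample export taken before the reset (not from a real machine).
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\greg-search.com]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blocked.example]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bank.example\www]
"https"=dword:00000002
'''

# Internet Explorer security zone numbers.
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
# A key below ZoneMap\Domains: group 1 is the hive, group 2 the domain path.
KEY_RE = re.compile(r'^\[(HKEY_[A-Z_]+)\\.*\\ZoneMap\\Domains\\(.+)\]$', re.IGNORECASE)
# A DWORD value: the name is the protocol ("*" = any), the data is the zone.
VALUE_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def zone_inventory(reg_text):
    """Return {zone name: [(hive, host, protocol), ...]} for a Domains export."""
    inventory = defaultdict(list)
    current = None  # (hive, host) of the key whose values are being read
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            match = KEY_RE.match(line)
            current = None  # the bare Domains key itself carries no entries
            if match:
                # Domains\bank.example\www means the host www.bank.example
                host = ".".join(reversed(match.group(2).split("\\")))
                current = (match.group(1), host)
            continue
        match = VALUE_RE.match(line)
        if match and current:
            zone = int(match.group(2), 16)
            name = ZONES.get(zone, f"zone {zone}")
            inventory[name].append((*current, match.group(1)))
    return dict(inventory)


if __name__ == "__main__":
    for zone_name, entries in zone_inventory(SAMPLE_EXPORT).items():
        print(zone_name)
        for hive, host, proto in entries:
            print(f"  {hive}  {host}  ({proto})")
```

Entries listed under "Restricted sites" are the protection that has to be re-applied after the reset; entries under "Trusted sites" that the user did not add are the ones worth noting before they are wiped.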
  4. Hi coggley, my name is Trevuren and welcome to PC Pitstop.

     1) I suggest you bookmark this page so you can more easily find your way back here when you receive a response.

     2) Download the most current version of Hijackthis (v.1.99.1) to a folder of its own. HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!

     A. Please go to your 'My Documents' folder, right-click and select 'New > Folder' and name the folder 'HijackThis'.
     B. Download Hijackthis from: HERE
     C. Double Click on 'HijackThis.zip' to extract and install HijackThis.exe to the new folder.
     D. Close ALL windows except HJT
     E. SCAN with HJT and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to 'select all', Ctrl-C to 'copy')
     F. POST the log in this thread using 'Add Reply' (Ctrl-V to 'paste')

     DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER

     Regards, Trevuren
  5. Hi jatt7846, We will try that one again but we will reverse the order of things a bit. Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

     With all other windows closed except HijackThis, run HJT, click SCAN and place a check mark beside the following entry:

     O20 - AppInit_DLLs: piy60wsx4j6.dll

     With the item selected, click FIX and exit the program.

     REBOOT INTO SAFE MODE

     Inasmuch as you had a bit of a problem with this, go to this link and choose the method which is applicable to your system. Symantec Safe Mode Remember to write down the instructions so they will be handy when you need them.

     Now using Windows Explorer, find and DELETE the following file: piy60wsx4j6.dll.
     1) It may be in the C:\Windows (folder) or
     2) C:\Windows\system32 (folder) or
     3) If you cannot find it through Windows Explorer, GOTO START>>Search>>For Files and Folders. Choose the "all files and folders" option and copy and paste piy60wsx4j6.dll into the box labelled "All or part of the File Name". Let it run its course. If it finds 1 or more instances of the file, Right Click on each one and select DELETE.

     When all is finished, return to your desktop and following the instructions provided in the link I gave you, REBOOT your system into Normal Mode.

     Now run HJT, Click SCAN, Produce a log. Post the log into this thread.

     Regards, Trevuren
  6. Hi jatt7846, We are making excellent progress and are left with 2 slightly difficult ones to get rid of. Just follow my lead and we will get you nice and clear. Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

     We will start by working on the bad O20 file. This time I want you to start by REBOOTING into SAFE MODE. Inasmuch as you had a bit of a problem with this last time, go to this link and choose the method which is applicable to your system. Symantec Safe Mode

     Now while in safe mode, with all other windows closed except HijackThis, run HJT, click SCAN and place a check mark beside the following entry:

     O20 - AppInit_DLLs: piy60wsx4j6.dll

     With the item selected, click FIX and exit the program.

     Now using Windows Explorer, find and DELETE the following file: piy60wsx4j6.dll.
     1) It may be in the C:\Windows (folder) or
     2) C:\Windows\system32 (folder) or
     3) If you cannot find it through Windows Explorer, GOTO START>>Search>>For Files and Folders. Choose the "all files and folders" option and copy and paste piy60wsx4j6.dll into the box labelled "All or part of the File Name". Let it run its course. If it finds 1 or more instances of the file, Right Click on each one and select DELETE.

     When all is finished, return to your desktop and following the instructions provided in the link I gave you, REBOOT your system into Normal Mode.

     Now run HJT, Click SCAN, Produce a log. Post the log into this thread.

     Regards, Trevuren
  7. Hi jatt7846, Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

     1) You have Winpatrol running on your machine and that is good. But prior to doing the fix below with hijackthis it needs to be turned off. Please do the following. Right click the running icon of winpatrol, and choose exit. Unless it is turned off it could interfere with the fix by hijackthis.

     2) Now let's do some work on your log:

     First we need to make all files and folders VISIBLE:
     Go to start>control panel>folder options>view (tab)
     *choose to "show hidden files and folders,"
     *uncheck the "hide protected operating system files" and the "hide extensions for known file types" boxes.
     *Close the window with ok
     *All hidden files will now be visible

     Close all browser windows and RUN HijackThis.
     . Click the SCAN button to produce a log.
     . Click the Config button located in the lower right hand corner of the HijackThis window.
     . When the new screen opens, find and click the Miscellaneous Tools button.
     . Then choose the Open Process Manager button.
     . From the list of processes, highlight the following item by clicking it, then DELETE it by clicking the KILL button:

     C:\WINDOWS\System32\tibs3.exe

     Once all items have been KILLED, click the Back button which will return you to the HijackThis main window.

     Now place a check mark beside each one of the following Mandatory items as well as those Optional items that you choose based upon the information provided in green.
MANDATORY ITEMS R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://letgohome.com/sp.htm?id=9 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://letgohome.com/sp.htm?id=9 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/sp.htm?id=9 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://letgohome.com/sp.htm?id=9 R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\gs2027r9lxm.dll O4 - HKLM\..\Run: [w32sup] C:\WINDOWS\System32\w32sup.exe O4 - HKLM\..\Run: [s3TRAY2] S3tray2.exe O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe O4 - HKLM\..\Run: [dnscleaner] C:\WINDOWS\dnscleaner.exe O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy O9 - Extra button: Microsoft AntiSpyware helper - {1134A921-FAA4-408B-B988-17B862D5FEF0} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1134A921-FAA4-408B-B988-17B862D5FEF0} - (no file) (HKCU) O9 - Extra button: Microsoft AntiSpyware helper - {1706AF00-5B3B-477A-A02E-860F9857A9D1} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1706AF00-5B3B-477A-A02E-860F9857A9D1} - (no file) (HKCU) O9 - Extra button: Microsoft AntiSpyware helper - {3B413E53-E912-4DB5-AD20-E2DAE1A7BB20} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {3B413E53-E912-4DB5-AD20-E2DAE1A7BB20} - (no file) (HKCU) O9 - 
Extra button: Microsoft AntiSpyware helper - {58396E3F-67BC-4683-8143-1464BD4762D6} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {58396E3F-67BC-4683-8143-1464BD4762D6} - (no file) (HKCU) O9 - Extra button: Microsoft AntiSpyware helper - {67F58C3A-57E4-4F19-A51E-321504A0336B} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {67F58C3A-57E4-4F19-A51E-321504A0336B} - (no file) (HKCU) O9 - Extra button: Microsoft AntiSpyware helper - {77823D14-1C37-4D41-969F-A8D5BF6A4984} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {77823D14-1C37-4D41-969F-A8D5BF6A4984} - (no file) (HKCU) O9 - Extra button: Microsoft AntiSpyware helper - {7C18C0EA-5D96-4280-AB46-910C191A4F55} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7C18C0EA-5D96-4280-AB46-910C191A4F55} - (no file) (HKCU) O9 - Extra button: Microsoft AntiSpyware helper - {8A353DD2-3EFA-4160-A84B-44D73DFAA19D} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8A353DD2-3EFA-4160-A84B-44D73DFAA19D} - (no file) (HKCU) O9 - Extra button: Microsoft AntiSpyware helper - {C3199577-F4C2-4475-BCE9-4A7A148E7BEF} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C3199577-F4C2-4475-BCE9-4A7A148E7BEF} - (no file) (HKCU) O9 - Extra button: Microsoft AntiSpyware helper - {CA3B0DB6-4B03-4B79-8EB7-DDA14EAFCF22} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CA3B0DB6-4B03-4B79-8EB7-DDA14EAFCF22} - (no file) (HKCU) O9 - Extra button: Microsoft AntiSpyware helper - {DE2BA1C2-53F3-4F34-8508-9DCAAB25CE8D} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {DE2BA1C2-53F3-4F34-8508-9DCAAB25CE8D} - (no file) (HKCU) O9 - Extra button: Microsoft AntiSpyware helper - {E38F12A1-81E1-4998-9189-FD9A0E8EC664} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - 
{E38F12A1-81E1-4998-9189-FD9A0E8EC664} - (no file) (HKCU) O13 - WWW. Prefix: http:// O15 - Trusted Zone: *.greg-search.com O16 - DPF: {073E2947-7AD1-67DB-8238-5A8770FF639B} - http://69.50.182.94/1/rdgUS1754.exe O16 - DPF: {0B48E232-6362-11A6-56E1-260E67A668FA} - http://69.50.182.94/1/rdgUS1754.exe O16 - DPF: {0D41F0E9-B13A-4252-29A3-095E62F67D18} - http://69.50.182.94/1/rdgUS1754.exe O16 - DPF: {0F136A3C-D1E2-58A8-E64A-1B1D4EC27114} - http://69.50.182.94/1/rdgUS1754.exe O16 - DPF: {1A2428B1-ECBB-5529-5046-46E55989721F} - http://69.50.182.94/1/rdgUS1754.exe O16 - DPF: {1A41DBCB-9C88-48DC-B2FD-4FB12711E23C} - http://69.50.182.94/1/rdgUS1754.exe O16 - DPF: {1D11835C-7679-50B8-2EA0-4E055EACE185} - http://69.50.163.12/1/rdgUS1124.exe O16 - DPF: {25FA0253-D4E5-70C4-8B84-082E26BDDD55} - http://69.50.182.94/1/rdgUS1754.exe O16 - DPF: {28D1E0AD-862D-1757-1DEE-563321246496} - http://69.50.182.94/1/rdgUS1754.exe O16 - DPF: {2B88574B-1F6D-5A4C-EE5D-50403D3ABE09} - http://69.50.163.12/1/rdgUS1124.exe O16 - DPF: {2F91A676-939F-2468-94E4-697418A063A0} - http://69.50.182.94/1/rdgUS1754.exe O16 - DPF: {37249927-F80D-73F2-CB0F-419014E304C9} - http://69.50.182.94/1/rdgUS1754.exe O16 - DPF: {3EA3B664-1E0E-59D4-BB2C-221626838F20} - http://69.50.163.12/1/rdgUS1124.exe O16 - DPF: {3EFCF256-A8EB-2ECE-99E9-45B15F14AA51} - http://69.50.182.94/1/rdgUS1754.exe O16 - DPF: {40DCF6EE-1384-15E4-398B-7BAA08342C16} - http://69.50.182.94/1/rdgUS1754.exe O16 - DPF: {4768F832-B86E-6D8B-E4F1-29E862ABC955} - http://69.50.182.94/1/rdgUS1754.exe O16 - DPF: {4B846B2F-DE42-3D8D-7E92-32AA16A22EF6} - http://69.50.182.94/1/rdgUS1754.exe O16 - DPF: {514143ED-8E0A-637C-3F4B-777A2B77CEDF} - http://69.50.182.94/1/rdgUS1754.exe O16 - DPF: {6517C659-F13C-29D4-8889-63801C15C8F5} - http://69.50.182.94/1/rdgUS1754.exe O16 - DPF: {6A095A8A-F838-4F5D-A2F5-49566F67BD27} - http://69.50.182.94/1/rdgUS1754.exe O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) - 
http://www.globalphon.com/dialer/internazionale_ver4.CAB
O20 - AppInit_DLLs: piy60wsx4j6.dll
O23 - Service: mserv.exe (anem) - Unknown owner - C:\WINDOWS\mserv.exe (file missing)

OPTIONAL ITEMS

The following item is considered to be a "resource hog". Its removal should enhance the performance of your system.

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

If you did not put the following item in your Trusted Zone, then include it in the Fix:

O15 - Trusted Zone: *.greg-search.com

Now with all the items selected and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window and Reboot Your System in Safe Mode

How to use the F8 method to Start Your Computer in Safe Mode
*Restart the computer.
*as soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
*Use the arrow keys to select the Safe mode menu item
*press Enter.

Using Windows Explorer, locate the following files/folders, and delete them (if they are present):

FILES
C:\WINDOWS\System32\gs2027r9lxm.dll
C:\WINDOWS\System32\w32sup.exe
C:\WINDOWS\mserv.exe
C:\WINDOWS\System32\tibs3.exe
C:\WINDOWS\dnscleaner.exe
C:\S3tray2.exe
C:\piy60wsx4j6.dll
C:\rdgUS1754.exe

FOLDERS (with all their content)
C:\Program Files\WildTangent
C:\Program Files\MarketBrowser

Exit Explorer, and REBOOT BACK INTO NORMAL MODE

Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.

Regards, Trevuren
  8. Hi jatt7846, That was an excellent beginning. However we have a lot more work to do. Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

     1) Please download CWShredder. Download the stand alone version which is free
     . Check for Update
     . Click Fix.
     . Exit CWShredder.
     . REBOOT your system

     2) I want you to run at least one, and preferably both, of the following FREE online antivirus scanners, making sure that you choose to do a "complete scan" and letting the program fix everything it finds. It is also necessary to REBOOT your system after running each program. TrendMicro Free Virus Scanner and Panda Software Online Virus Scanner.

     3) I would also like you to download and run a free trial version of an anti-trojan program called Trojan Hunter: Trojan Hunter. Let it scan your whole system and remove anything it finds. REBOOT your system.

     4) Finally, with all windows closed except for HJT, run HijackThis, click on SCAN, then on Save Log and POST log back into this thread.

     Regards, Trevuren
  9. Hi jatt7846, Welcome to the PC Pitstops Forums. My name is Trevuren and I will be helping you with your log. There are certain procedures that you must follow before we can make any beneficial changes to the way your system is working.

     1) Things in these forums have a tendency to get confusing at times. In order to make sure that you can always find your way back here consider Bookmarking this page.

     2) I would also recommend that you enable "email notification" in your Control Panel Settings so you will know when I have replied to one of your posts.

     3) Please follow all the steps described in the following link before posting your HijackThis log. Do These Things First

     Regards, Trevuren