  bcastner Premium,MVM join:2002-09-25 Chevy Chase, MD clubs: 
·Verizon Online DSL
edit: April 13th, @09:17PM
| reply to halfHAVOC Re: [HJT Log] Slowdown + Can't go on websites
You have a ton of problems. One is a Wareout infection we will deal with in the next session. Let's get the rest of the junk pretty much out of the way first.
TeaTimer is an excellent tool for the prevention of spyware but it can sometimes prevent HijackThis from fixing certain things. Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
• Open Spybot Search & Destroy.
• In the Mode menu click "Advanced mode" if not already selected.
• Choose Yes at the Warning prompt.
• Expand the Tools menu.
• Click Resident.
• Uncheck the Resident "TeaTimer" (Protection of overall system settings) active box.
• In the File menu click Exit to exit Spybot Search & Destroy.
• Download and Unzip to your Desktop: »www.techsupportforum.com/sectool···imer.zip
• Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.
First Steps
The following instructions are only for this Forum member. Please do not use these instructions on another computer system. You can seriously damage your system by following the instructions below without guided assistance. You assuredly will make a cleanup of your system more difficult.
Please download ATF Cleaner. It does not require any installation. It is set up to clean Windows TEMP folders, as well as IE, Firefox and Opera, Temporary Internet Files and Cookies.
• Double-click ATF-Cleaner.exe to run the program.
First Step:
• Under Main choose: Select All
• Click the Empty Selected button.
Next, if you use Firefox (and some Mozilla-based browsers)
• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
Next, if you use the Opera browser
• Click Opera at the top and choose: Select All
• Click the Empty Selected button.
Click Exit on the Main menu to close the program.
Reconfigure Windows XP to show hidden files:
To enable the viewing of Hidden files follow these steps:
• Close all programs so that you are at your desktop.
• Double-click on the My Computer icon.
• Select the Tools menu and click Folder Options.
• After the new window appears select the View tab.
• Put a checkmark in the checkbox labeled Display the contents of system folders.
• Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
• Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
• Remove the checkmark from the checkbox labeled Hide protected operating system files.
• Press the Apply button and then the OK button and exit My Computer.
• Now your computer is configured to show all hidden files.
Malware Removal Steps
1. Open HijackThis again, System scan only. Checkmark these items:
O2 - BHO: {644a70f8-a1f8-8dba-1044-b36ed7429852} - {2589247d-e63b-4401-abd8-8f1a8f07a446} - C:\WINDOWS\system32\vhkdgtkp.dll
O2 - BHO: (no name) - {27BED0D7-0938-4700-9060-A436B69EB7BC} - C:\Program Files\Common Files\horev4444.dll (file missing)
O2 - BHO: (no name) - {9C3831AF-F271-4DB6-BB2C-DCD46F9BF462} - C:\Program Files\MSN\comeqoc89104.dll (file missing)
O2 - BHO: (no name) - {A67DA44A-58A5-4161-B77D-848247B6748C} - C:\Program Files\Common Files\horev7.dll (file missing)
O2 - BHO: (no name) - {A9457564-1FAB-4C4C-818D-417BA5F56D9C} - C:\WINDOWS\system32\jkkli.dll (file missing)
O2 - BHO: (no name) - {D4FF871C-5791-47D0-B8CC-20AE3D0801FA} - C:\WINDOWS\system32\geeba.dll
O2 - BHO: (no name) - {DDBA5775-1351-4F21-881E-A4ADC9BEAB75} - C:\Program Files\Common Files\horev83122.dll (file missing)
O2 - BHO: nextads browser optimizer - {fed76bfd-a0ff-938f-507d-216c8ab86a74} - C:\WINDOWS\system32\{12fdb189-6534-5715-5717-a9c2868b4931}.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [dmxvp.exe] C:\WINDOWS\system32\dmxvp.exe
O4 - HKLM\..\Run: [dmotx.exe] C:\WINDOWS\system32\dmotx.exe
O4 - HKLM\..\Run: [d48e37be] rundll32.exe "C:\WINDOWS\system32\rggodyor.dll",b
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{12fdb189-6534-5715-5717-a9c2868b4931}.dll" DllInit
O4 - HKLM\..\Run: [BMd7bd0422] Rundll32.exe "C:\WINDOWS\system32\fmxmufxp.dll",s
O4 - HKCU\..\Run: [Rusc] "C:\DOCUME~1\ADMINI~1\MYDOCU~1\MANTEC~1\msiexec.exe" -vt yazb
O4 - HKCU\..\Run: [Gzchx] "C:\Program Files\Common Files\??mantec\??xplore.exe"
O8 - Extra context menu item: Add to Windows &Live Favorites - »favorites.live.com/quickadd.aspx
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8951C65-92EC-4161-9459-B755EB19927C}: NameServer = 85.255.113.114,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED2FEFA9-FFF5-4140-B90D-060BC9431E7E}: NameServer = 85.255.113.114,85.255.112.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.114 85.255.112.8
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.114 85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.114 85.255.112.8
O20 - Winlogon Notify: efcccaa - efcccaa.dll (file missing)
O20 - Winlogon Notify: iifefEUl - iifefEUl.dll (file missing)
O20 - Winlogon Notify: opnklmk - opnklmk.dll (file missing)
O20 - Winlogon Notify: rqrstqn - rqrstqn.dll (file missing)
O20 - Winlogon Notify: ssqrrpo - ssqrrpo.dll (file missing)
O21 - SSODL: MvpPwwv - {D48E3712-7E24-9DB8-DFA3-50C4B3DD1E5B} - (no file)
Click "Fix checked" and when the log panel clears exit HijackThis.
2. Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to the Windows Directory, C:\SDFix.
Please then reboot your computer in Safe Mode by doing the following:
• Restart your computer.
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
• Instead of Windows loading as normal, the Advanced Options Menu should appear.
• Select the first option, to run Windows in Safe Mode, then press [Enter].
• Choose your usual account.
• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
• For now, simply close Notepad.
3. Download and Run -- ComboFix© Download this file -- to your Desktop -- from any of these sources:
• Disconnect from the Internet.
• Disable your Antivirus software -- this includes any Script Blocking Feature it may have.
Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
• A window will open with a warning. Accept any disclaimers to start the fix.
When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.
A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.
4. Please download MalwareBytes Anti-malware (MBAM) from one of the following links:
Once downloaded, close all programs and Windows on your computer (including this one.)
Double-click on the icon on your desktop named Download_mbam-setup.exe. This will start the installation of MBAM onto your computer.
When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.
MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program.
On the Scanner tab, make sure the Perform quick scan option is selected and then click on the Scan button to start scanning your computer.
MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click Show Results. Make sure all entries have a checkmark at their far left. You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the program's quarantine.
When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window. Remember where you saved the log file, as we will want to see it later.
5. Run HijackThis again, and save the log file.
Submit to the Forum:
• The contents of C:\SDFix\Report.txt;
• The MBAM log results;
• The contents of C:\Combofix.txt;
• The new HijackThis log.
-- ============ MS-MVP 2004 - -2008, ASAP Member Users Helping Users
|
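An added example, not part of either post or of HijackThis itself: a small triage script for comparing a fresh HijackThis log against the checklist in step 1. It groups entries whose target file is already gone and lists O17 NameServer values that fall outside the networks you expect. The function names, the all-zero GUID line and the expected network 192.168.1.0/24 are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample in HijackThis log format. Four lines are copied from the
# checklist in the post; the all-zero GUID line and 192.168.1.1 are made up.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {A9457564-1FAB-4C4C-818D-417BA5F56D9C} - C:\WINDOWS\system32\jkkli.dll (file missing)
O4 - HKLM\..\Run: [dmxvp.exe] C:\WINDOWS\system32\dmxvp.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.114 85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1,85.255.112.8
O20 - Winlogon Notify: efcccaa - efcccaa.dll (file missing)
"""

ENTRY = re.compile(r"^([ORF]\d+) - (.*)$")            # section code, then body
NAMESERVER = re.compile(r"^(.*?): NameServer = (.+)$")  # registry key, value list

def parse(log):
    """Return (section, body) pairs for every HijackThis entry line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def triage(log, expected_dns):
    """Report orphaned entries and O17 resolvers outside expected_dns (CIDRs)."""
    nets = [ipaddress.ip_network(n) for n in expected_dns]
    report = {"orphaned": [], "unexpected_dns": []}
    for section, body in parse(log):
        if body.endswith(("(file missing)", "(no file)")):
            report["orphaned"].append((section, body))
        m = NAMESERVER.match(body) if section == "O17" else None
        if not m:
            continue
        # HijackThis shows the value as stored: comma- or space-separated.
        for token in re.split(r"[,\s]+", m.group(2).strip()):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                continue  # not an IP literal; leave it for manual review
            if not any(addr in net for net in nets):
                report["unexpected_dns"].append((str(addr), m.group(1)))
    return report

if __name__ == "__main__":
    for kind, rows in triage(SAMPLE_LOG, ["192.168.1.0/24"]).items():
        print(kind, *rows, sep="\n  ")
```

Running it on the log saved in step 5 shows at a glance which checklist entries are still present after the fix tools have run.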
  halfHAVOC 14
join:2002-05-30 New Jersey
edit: April 13th, @11:35PM
| dude ahhh after the sdfix step
my internet isn't working so i can't download combofix and move on!!!!!!!
what do i do!?? im posting from another pc in my house right now.
should i download it on here and send it thru the network or somethin?
oh also, i get this red balloon in the traybar saying your computer may be at risk. and when i did the hijackthis , some of the stuff u posted was not there like all the O2's and few one or two other ones were just not there..... please help ASAP!! |