  1. #1
    Member
    Join Date
    May 2010
    Location
    Texas
    Posts
    42
    Points
    0

    MAJOR browser hijacker

    I have done everything your website instructed for downloading and running several spyware, malware and anti-virus programs.
    When it came time for me to post, the ***damn hijacker won't let me post, so I am trying it here (which means I had to go to another computer and resend).

    I have run: CCleaner, SuperAntispyware, Malwarebytes, and HijackThis.

    Still have IE, Firefox and Chrome (which can't even load) each giving me webpages I didn't request and redirecting almost every page request to some earn money website.

    I am feeling doomed, and can't understand how all of the programs are still missing the problem. Could someone help? Please

    Thank you so very much for your time


    The following are logs:


    Malwarebytes' Anti-Malware 1.46
    Malwarebytes

    Database version: 4105

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    5/26/2010 6:28:08 PM
    mbam-log-2010-05-26 (18-28-08).txt

    Scan type: Quick scan
    Objects scanned: 32748
    Time elapsed: 9 minute(s), 53 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:15:03 PM, on 5/26/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\BSD\AppUpdater\BSDChecker.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
    C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe
    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\WINDOWS\OEM13Mon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TiVo\Desktop\TiVoTransfer.exe
    C:\Program Files\TiVo\Desktop\TiVoNotify.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Microsoft Windows Update
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [BSDAppUpdater] C:\Program Files\Common Files\BSD\AppUpdater\BSDChecker.exe
    O4 - HKLM\..\Run: [eBook Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
    O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
    O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe"
    O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
    O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [OEM13Mon.exe] C:\WINDOWS\OEM13Mon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TivoServer] C:\Program Files\TiVo\Desktop\TiVoServer.exe /service /registry
    O4 - HKCU\..\Run: [TivoTransfer] C:\Program Files\TiVo\Desktop\TiVoTransfer.exe
    O4 - HKCU\..\Run: [TivoNotify] C:\Program Files\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify
    O4 - HKCU\..\Run: [TranscodingService] C:\Program Files\TiVo\Desktop\Plus\\TranscodingService.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - https://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1264110459296
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
    O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofil...SystemLite.CAB
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/pla..._installer.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
    O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 11505 bytes


    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 05/26/2010 at 07:23 PM

    Application Version : 4.38.1004

    Core Rules Database Version : 4994
    Trace Rules Database Version: 2806

    Scan type : Complete Scan
    Total Scan Time : 00:44:35

    Memory items scanned : 505
    Memory threats detected : 0
    Registry items scanned : 7047
    Registry threats detected : 1
    File items scanned : 27752
    File threats detected : 38

    System.BrokenFileAssociation
    HKCR\.exe

    Adware.Tracking Cookie

    Trojan.Agent/Gen-NaNa
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D8B4ABC5-DC74-47F9-92E6-EF27A6652E5F}\RP170\A0022697.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D8B4ABC5-DC74-47F9-92E6-EF27A6652E5F}\RP170\A0022700.EXE
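
A first-pass triage of a HijackThis log like the one in the post above, as an added example that is not part of the original post or of any tool named in this thread. The section descriptions follow the labels visible in the log; the three review rules and all function names are assumptions of this example, and a hit means "inspect by hand", not "malicious".

```python
import re
from collections import Counter

# Section codes as they are labelled in the log posted above.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart (Run key or Startup folder)",
    "O8": "IE context menu item", "O9": "IE extra button / Tools item",
    "O16": "ActiveX download (DPF)", "O20": "Winlogon Notify",
    "O23": "Windows service",
}

# An entry line looks like "O4 - HKLM\..\Run: [name] path"; anything else
# (header lines, running-process paths, blank lines) is skipped.
ENTRY = re.compile(r"^\s*([RO]\d{1,2}) - (.+?)\s*$")

# Review heuristics assumed for this example. A hit means "look at this
# entry by hand", not "this entry is malicious".
REVIEW_RULES = [
    (re.compile(r"\(no file\)"), "registered component has no file on disk"),
    (re.compile(r"= \?$"), "startup shortcut target was not resolved"),
    (re.compile(r" - Unknown owner - "), "service binary reports no vendor"),
]

# Sample input: lines taken from the HijackThis log in the first post.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - Global Startup: Bluetooth Manager.lnk = ?
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""


def parse(log_text):
    """Return (section_code, detail) for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def section_counts(log_text):
    """Count entries per section code, e.g. how many autostarts exist."""
    return Counter(code for code, _ in parse(log_text))


def triage(log_text):
    """Return the entries that match at least one review rule."""
    flagged = []
    for code, detail in parse(log_text):
        notes = [note for rule, note in REVIEW_RULES if rule.search(detail)]
        if notes:
            flagged.append((code, SECTIONS.get(code, "other"), detail, notes))
    return flagged


if __name__ == "__main__":
    for code, section, detail, notes in triage(SAMPLE_LOG):
        print(f"{code:<4}{section}: {detail}")
        for note in notes:
            print(f"      review: {note}")
```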

  2. #2
    Member Spyware Fighter NeonFx
    Join Date
    Jan 2010
    Location
    California
    Posts
    1,106
    Points
    86

    Hello there, welcome to the Help2Go Forums.
    My name is NeonFx. I'll be glad to help you with your computer problems. Logs can take some time to research, so please be patient with me.


    Please note the following:
    • The fixes are specific to your problem and should only be used on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clean. Absence of symptoms does not necessarily mean that the system is completely clean.
    • It's often worth reading through these instructions and printing them for ease of reference. I may ask you to boot into Safe Mode where you will be unable to follow my instructions online.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.




    Step 1

    Download OTS to your Desktop

    • Close ALL OTHER PROGRAMS.
    • Double-click on OTS.exe to start the program.
    • Check the box that says Scan All Users
    • Under Basic Scans please change the radio button under Registry from Safe List to All.
    • Under Additional Scans check the following:
      • Reg - Desktop Components
      • Reg - Disabled MS Config Items
      • Reg - NetSvcs
      • Reg - Shell Spawning
      • Reg - Uninstall List
      • File - Lop Check
      • File - Purity Scan
      • Evnt - EvtViewer (last 10)

    • Please paste the contents of the following codebox into the Custom Scans box at the bottom

    Code:
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav

    • Now click the Run Scan button on the toolbar.
    • Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.


    To ensure that I get all the information this log will need to be attached. Please attach the log in your next post. To do so click on the gray "Reply to Thread" button or "Go Advanced" and click on the "Manage Attachments" button. You will get a dialog where you can "Browse..." for the file.

    Step 2

    GMER Rootkit Scanner
    Please download GMER from one of the following locations and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zipped Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
    • Disconnect from the Internet and close all running programs. Make sure you disable your security programs as well, as they may interfere with the program.
    • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
    • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


    • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
    • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
    • Now click the Scan button. If you see a rootkit warning window, click OK.
    • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
    • Click the Copy button and paste the results into your next reply.
    • Exit GMER and re-enable your security programs when done.



    If you have trouble running GMER, please try running it in Safe Mode. To get to Safe Mode you'll need to repeatedly tap the F8 key on your keyboard as you turn your computer on until a black and white menu appears with the option.

    If you continue to have trouble with it, try running it without the "Files" scan checked.


    Again, if the results are really long, please attach them using the instructions I gave you at the end of step 1. This is to avoid having to scroll down the page too much and make the space cleaner.

  3. #3
    Member

    I have been dealing with this for over three days, the solution, I actually have been having problems for months. I think it got through from Skype, which I uninstalled. Now the problem is that I can't get my wireless to connect, it just keeps searching for an IP address.
    I am running the above programs once more to see if I can get it to free my wireless up.
    Let you know in a few

    Thanks for helping

  4. #4
    Member

    ok still can't get the internet. Any ideas?

  5. #5
    Member Spyware Fighter NeonFx

    Let's try this:

    TCP/IP stack repair options for use with Windows XP with SP2 or SP3.

    Go to Start, Run, type in CMD, and press OK to open a command prompt.

    To reset WINSOCK entries to installation defaults type in the following and press Enter:

    netsh winsock reset catalog

    To reset TCP/IP stack to installation defaults type in the following and press Enter:

    netsh int ip reset reset.log


    Reboot the machine and let me know if that helped.

  6. #6
    Member

    didn't work.
    I can't get the firewall to enable and I can't get it to start in safe mode. Am I doomed??

  7. #7
    Member Spyware Fighter NeonFx

    Before we try something else, please make sure these settings are in place:

    See HERE


    Following the instructions and images on that website, make sure both Obtain an IP address automatically and Obtain DNS server automatically are selected. Then press Ok a couple times to exit out of the applets.

  8. #8
    Member

    was able to get to safe mode (third time the charm)

    So now I am in safe mode

  9. #9
    Member Spyware Fighter NeonFx

    It looks like we posted at the same time. Networking doesn't work in Safe Mode.
    Last edited by NeonFx; 05-28-2010 at 01:19 PM.

  10. #10
    Member

    ok so great minds think alike. good to know.

    I have the computer waiting for instructions in safe mode, let's get this sucker
