crunchie

Re: Assistance please

Dec 1st, 2008
Can you please do the following.

===============

You will have to disable Spybot's Teatimer before we begin, as it will interfere with the fix. To do this can you start Spybot and go to the Mode button and select Advanced. Go to Tools > Resident and uncheck the box next to Tea-Timer. Make sure that the icon in the system tray is no longer there. If it is, just right click on it and select "Exit".
Download ResetTeaTimer.bat.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.
Do not forget to re-enable TeaTimer when we are done.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.


===============

Scan with HijackThis and then place a check next to all the following, if present:


R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {f84f05b9-3f78-4d1a-b687-81c3115e3ce4} - C:\WINDOWS\system32\wubuvomu.dll (file missing)

O4 - HKLM\..\Run: [wakirozawe] Rundll32.exe "C:\WINDOWS\system32\noyekiya.dll",s
O4 - HKLM\..\Run: [CPMa74dd569] Rundll32.exe "c:\windows\system32\yonugese.dll",a
O4 - HKLM\..\Run: [a47ee6f5] rundll32.exe "C:\WINDOWS\system32\garavebu.dll",b
O4 - HKCU\..\Run: [CPMa74dd569] Rundll32.exe "c:\windows\system32\ganoseho.dll",a
O4 - HKUS\S-1-5-19\..\Run: [wakirozawe] Rundll32.exe "C:\WINDOWS\system32\noyekiya.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [wakirozawe] Rundll32.exe "C:\WINDOWS\system32\noyekiya.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3222451807-3159451464-3569936387-1005\..\Run: [wakirozawe] Rundll32.exe "C:\WINDOWS\system32\noyekiya.dll",s (User 'IUSR_NMPR')

O20 - AppInit_DLLs: c:\windows\ c:\windows\

O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)


Now, close all instances of Internet Explorer and any other windows you have open except HijackThis, and click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/folders:

files...

C:\WINDOWS\system32\noyekiya.dll
c:\windows\system32\yonugese.dll
C:\WINDOWS\system32\garavebu.dll
c:\windows\system32\ganoseho.dll

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.
  • Select the first option to run Windows in Safe Mode and hit Enter.

-

Reboot.

===============

After rebooting, rescan with HijackThis and post back a new log. Please let me know how your PC is now.
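Added example, not part of the original post: a small Python parser showing how the file list to delete follows from the O4 Run entries in the HijackThis log, and how entries marked "(no file)" or "(file missing)" can be picked out as orphaned. The function name `analyse` and the regular expressions are assumptions made for this illustration; the sample lines are taken from the log entries quoted in the post.

```python
import re

# Sample input for the example: a few of the log entries quoted in the post.
SAMPLE_LOG = r'''
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {f84f05b9-3f78-4d1a-b687-81c3115e3ce4} - C:\WINDOWS\system32\wubuvomu.dll (file missing)
O4 - HKLM\..\Run: [wakirozawe] Rundll32.exe "C:\WINDOWS\system32\noyekiya.dll",s
O4 - HKLM\..\Run: [CPMa74dd569] Rundll32.exe "c:\windows\system32\yonugese.dll",a
O4 - HKLM\..\Run: [a47ee6f5] rundll32.exe "C:\WINDOWS\system32\garavebu.dll",b
O4 - HKCU\..\Run: [CPMa74dd569] Rundll32.exe "c:\windows\system32\ganoseho.dll",a
O4 - HKUS\S-1-5-19\..\Run: [wakirozawe] Rundll32.exe "C:\WINDOWS\system32\noyekiya.dll",s (User 'LOCAL SERVICE')
'''

# O4 Run entry: registry hive, value name in brackets, then the command line.
O4_RE = re.compile(r'^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# rundll32 command line: quoted DLL path followed by ",<export>".
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"(?P<dll>[^"]+)",(?P<export>\S+)', re.I)
# Entries whose target file HijackThis could not find on disk.
ORPHAN_RE = re.compile(r'\((?:no file|file missing)\)\s*$')

def analyse(log_text):
    """Return ({dll path: [(hive, value name), ...]}, [orphaned log lines])."""
    dlls, orphans = {}, []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ORPHAN_RE.search(line):
            orphans.append(line)
            continue
        entry = O4_RE.match(line)
        if not entry:
            continue
        launch = RUNDLL_RE.match(entry.group('cmd'))
        if launch:
            # Windows paths are case-insensitive: lower-case them so the same
            # DLL referenced from several hives collapses into one item.
            key = launch.group('dll').lower()
            dlls.setdefault(key, []).append((entry.group('hive'), entry.group('name')))
    return dlls, orphans

if __name__ == '__main__':
    dlls, orphans = analyse(SAMPLE_LOG)
    for dll, refs in dlls.items():
        print(dll, '<-', ', '.join(f'{hive} [{name}]' for hive, name in refs))
    for line in orphans:
        print('orphaned entry:', line)
```

Each DLL appears once in the result however many Run keys point at it, which is why the delete list in the post has four files for seven O4 entries.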