4,383 Posted Topics
Re: Have to be careful what you advise from now on then :D | |
Re: Please post the entire MBAM log. You cut off its head. | |
Re: Try running [url=http://windowsxp.mvps.org/IEFIX.htm][color=blue]IEFIX.htm[/color][/url] which will repair IE and run a System File Check. == Norton may have to be re-installed. == Can you please do the following. =============== We'll need to disable [b]AdAware's [i]AdWatch[/i][/b], since it might interfere with other program(s) we might be using to 'clean' off your system; … | |
Re: Hi and welcome to the Daniweb forums :). ========== Open Device Manager and on the VIEW Tab, select the [b]Show hidden devices[/b] option. Go down to [b]non plug and play drivers[/b] and see if there is one called [b]TDSSserv[/b] and disable it. Now try and run, update and scan with … | |
Re: Hi and welcome to Daniweb :). Try doing a system search for any files starting with TDSS and delete them. If found and deleted, try running those programs now. | |
Re: Hi and welcome to the Daniweb forums :). ========== Do you know what C:\WINDOWS\kass.exe is? If not, please go to [url=http://virusscan.jotti.org/][u]Jotti's[/u][/url] or to [url=http://www.virustotal.com/en/virustotalf.html][u]virustotal[/u][/url] and have it scanned. Post the results back here. ==== Can you please do the following. =============== Go to [b]Add/Remove programs[/b] and uninstall the following, if … | |
Re: kekerules. Please locate the following file and upload it to Jotti's for a scan. ckgbbs.dll [url]http://virusscan.jotti.org/[/url] | |
Re: Can you boot into safe mode? | |
Re: [QUOTE=cohen]No action is still being taken... Pls scan, remove everything it finds! Reboot your PC, and then post back with the log. Thanks, Cohen[/QUOTE] cohen. As you can see, he has already explained that. Please read the posts through :). [QUOTE=kingston;763124]Although Malwarebytes log says "no action taken", I did delete all … | |
Re: thakkar2000. Please start hijackthis and go to "view the list of backups." Once there, select the backup created from the last 'Fix' and then hit "Restore." Most of those entries do not need to go. Once you have done that, please do the following; Please [u]download[/u] [b]ComboFix[/b] by sUBs from … | |
Re: cohen. He has stated that he has MBAM and that it will not start. == Open Device Manager and on the VIEW Tab, select the [b]Show hidden devices[/b] option. Go down to [b]non plug and play drivers[/b] and see if there is one called [b]TDSSserv[/b] and disable it. == Try … | |
Re: Hi and welcome to the Daniweb forums :). ========== Please do not hijack other members threads. I have split your posts out to their own thread. == Open Device Manager and on the VIEW Tab, select the [b]Show hidden devices[/b] option. Go down to [b]non plug and play drivers[/b] and … | |
Re: It's possible. Try this; 1. Please [b][u]open Notepad[/u][/b][list] [*] Click [b]Start[/b] , then [b]Run[/b] [*]Type[b] notepad.exe[/b] in the Run Box.[/list] 2. Now [b]copy/paste[/b] the entire content of the codebox below into the Notepad window: [CODE] FileLook:: c:\windows\system32\w2O201yJ.exe[/CODE] [i][b][color=#CC0000]Note: the above code was created specifically for this user. If you are … | |
Re: Before running combofix, please let us know how your pc is. I'm almost asleep and do not see any sign of infection in your log. Running combofix for no purpose is pointless and possibly can cause problems with your pc. | |
Re: Is this the same pc as here; [url]http://www.daniweb.com/forums/thread162917.html[/url] | |
Re: Your log is clean but I would like to see the MBAM log from its first run. [list] [*]Go to [b]Start[/b] > [b]Control Panel[/b] double-click on the [b]Software[/b] icon > add/remove programs. [*]Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... ) [*]Select it and … | |
Re: [QUOTE=jholland1964;758960] Chris, the Deckard Scanner is no longer available, actually wish the reference could be removed from that sticky but I guess that it cannot.[/QUOTE] Done | |
Re: [QUOTE=Dragonf1re;689246] looks like a full format and re-install of the OS :([/QUOTE] Don't you believe it. In only a small minority is it the case where things have gotten bad enough that one needs to reformat. There are tools around that can completely remove this infection. | |
Re: Can you please remove the following orphan entries. =============== Scan with [b]HijackThis[/b] and then place a check next to all the following, if present: [color=#9933cc][b] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [/b][/color] [color=#9933cc][b] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [/b][/color] [color=#9933cc][b] O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no … | |
Re: Open Device Manager and on the VIEW Tab, select the [b]Show hidden devices[/b] option. Go down to [b]non plug and play drivers[/b] and see if there is one called [b]TDSSserv[/b] and disable it. Reboot your pc and try and run MBAM again. If successful, reboot and post a log from … | |
Re: Hi and welcome to the Daniweb forums :). ========== Download [b]Malwarebytes' Anti-Malware[/b] ([url]http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html[/url]) to your desktop. * Double-click [b]mbam-setup.exe[/b] and follow the prompts to install the program. * At the end, be sure to checkmark the [b]Update Malwarebytes' Anti-Malware[/b] and [b]Launch Malwarebytes' Anti-Malware[/b], then click [b]Finish.[/b] * If an update … | |
Re: Firstly, hijackthis will not fix those 010 entries, as you have found out :). LSPfix should always be used to remove malware entries. Secondly, those 010 entries are legitimate. They belong to Stopzilla. | |
Re: Now you need to read cohen's instructions again regarding the update to MBAM. Run it again when done and post the log. | |
Re: There is an edit button provided so that you do not have to make new posts :). It will be at the bottom of each of your posts. I have merged some of them for you. Also, move combofix out of the temp folder and place it on the desktop. … | |
Re: I have removed cohen's instructions for running combofix until we find out how your pc is. Combofix should only be run when necessary, so please let us know how things are and we can decide then which way to go. When was the last time you defragmented your hard drive … | |
Re: Hi and welcome to the Daniweb forums :). ========== Update MBAM and run it again please. Reboot when done and post a new MBAM log and a fresh hijackthis log. | |
Re: After you click on the link to download it, change the name of the application, then save it to your pc. Try it then. | |
Re: Do not double post. I have merged your threads. | |
Re: Just to be sure, was this an [b]Isass.exe[/b] or an [b]lsass.exe[/b] error? | |
Re: Hi and welcome to Daniweb :) Please follow the directions given here [url]http://www.daniweb.com/forums/thread134865.html[/url] and post back here the logs. | |
Re: I would still run combofix after MBAM as it may find other nasties. | |
Re: [QUOTE=misterjosh;757161] and i think its a bogus scvhost, because in my task manager i see... 6, all around 2k-6k mem usage, then this one is almost 25k mem usage. and i terminate it, just to pop back up.[/QUOTE] Although you have/had nasties on board, having svchost processes behaving in that … | |
Re: Hi and welcome to the Daniweb forums :). ========== First of all you need to update hijackthis to version 2.0.2. [b]Download [color=blue]HijackThis[/color] from [url=http://majorgeeks.com/download.php?det=5554][u]here.[/u][/url][/b] Download it to your desktop and NOT a temporary folder. ==== Download [b]Malwarebytes' Anti-Malware[/b] ([url]http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html[/url]) to your desktop. * Double-click [b]mbam-setup.exe[/b] and follow the prompts to … | |
Re: The 04 entry is legit so do not fix. | |
Re: Looks like you are still infected. Try this; Go to Start>Settings>Control Panel>Add or Remove Programs and uninstall 'Window Search', 'Window Searching', 'Lop.com', 'LOP SEARCH', 'Browser Enhancer', or 'Ultimate Browser Enhancer' if listed. You may be given a code to insert, do so and reboot when done. If not listed there, … | |
Re: Can you please do the following. =============== Scan with [b]HijackThis[/b] and then place a check next to all the following, if present: [color=#9933cc][b] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://srch-qus10.hpwis.com/[/url] [/b][/color] [color=#9933cc][b] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://srch-qus10.hpwis.com/[/url] [/b][/color] [color=#9933cc][b] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://srch-qus10.hpwis.com/[/url] [/b][/color] [color=#9933cc][b] R1 - … | |
Re: [QUOTE=linet;753374] I dont know what platform your machine is running[/QUOTE] Give you one guess :D [QUOTE=spyder2099;752449]I have widows XP[/QUOTE] | |
Re: You are running hijackthis from its zip file. Please unzip it to a permanent folder and post another log. Is your pc any better after running MBAM? | |
Re: Can you please do the following. =============== Run [b]HiJackThis[/b] then: 1. Click "[b][i]Open the Misc Tools Section[/i][/b]" 2. Click "[b][i]Open Process manager[/i][/b]" - Next, while holding down the [b]CTRL[/b] key, locate ([i]if present[/i]) and click on ([i]highlight[/i]) each of the following: [b][color=#000000]C:\Windows\system32\[/color][color=#ff0000]~.exe[/color][/b] Now double-check and make sure that only those … | |
Re: Thank you shishir, but this thread is over 2 years old and I think the OP is long gone :). | |
Re: Follow Symantec's instructions for uninstalling their product, then run the removal tool; [url]http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039[/url] anti-virus= NOD32 < must be purchased. Avast < Free Firewall= COMODO < Free | |
Re: Hi and welcome to Daniweb forums :). Download and run MBAM as per the instructions in this link; [url]http://www.daniweb.com/forums/thread134865.html[/url] Post the log after rebooting with a new hijackthis log. | |
Re: [b]Download [color=blue]HijackThis[/color] [b][color=red][SIZE=3]selfextracting[/SIZE][/color][/b] zip version from [url=http://www.malwareremoval.com/downloads.html][u]here.[/u][/url][/b] Once downloaded, double click on the file & it will install into its own, permanent folder. Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you … | |
Re: [url]http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html[/url] | |
Re: Uninstall the hijackthis version you are using and download the latest. == Download [b]Malwarebytes' Anti-Malware[/b] ([url]http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html[/url]) to your desktop. * Double-click [b]mbam-setup.exe[/b] and follow the prompts to install the program. * At the end, be sure to checkmark the [b]Update Malwarebytes' Anti-Malware[/b] and [b]Launch Malwarebytes' Anti-Malware[/b], then click [b]Finish.[/b] * … | |
Re: Unhide all your system files in folder options then do a system wide search for all files starting with TDSSserv or TDSS**** and delete them all. Rename hijackthis and try running it. You can also try renaming the applications before saving them to your pc from the popup window that … | |
Re: Can you post the log from the first run of combofix. That way, we will be able to see if/what it deleted. | |
Re: Hi and welcome to the Daniweb forums :). ========== Log looks clean except for some orphaned entries which we will remove. =============== You will have to disable [b]Spybot's Teatimer[/b] before we begin, as it will interfere with the fix. To do this can you start Spybot and go to the … | |
Re: Download the following file and double click to run it. Set a system restore point first!! The file is for Windows XP only!! [url]http://www.kellys-korner-xp.com/regs_edits/desktoptab.reg[/url] | |
Re: Yes, do as cohen has suggested as your log indicates that you are still heavily infected. |