HJThis

Volunteer Security Advisor
  • Content Count

    4,056
Everything posted by HJThis

  1. Hello.walleyeguy7 & Welcome
     Please download FixWareout from here
     * Save it to your desktop and run it
     * Click Next, then Install. Make sure "Run fixit" is checked and click Finish
     * The fix will begin. Please follow the prompts
     * If your firewall gives an alert (because this tool will download an additional file from the internet) please don't let your firewall block it, but allow it instead.
     * Then you will be asked to reboot your computer. Please do so. Your system may take longer than usual to load .... this is normal.
     Once the desktop loads, please post the text that will open (report.txt) and a new Hijackthis log.
     Gogo
  2. Hey.frustratedrhetor So you're saying all is good. You don't need any help. Gogo
  3. Hi.lilmrshill
     1. Close any open browsers.
     2. Open notepad and copy/paste the text in the quote box below into it (but don't include the word: quote). Make sure to use NotePad and nothing else.
     Save this as CFScript.txt, in the same location as ComboFix.exe
     Referring to the picture above, drag CFScript into ComboFix.exe
     When finished, it will produce a log for you at "C:\ComboFix.txt"
     Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
     Then come back here with both the HijackThis log and ComboFix.txt
     Gogo
  4. Hi.bobbybrown
     Please download HostsXpert.
     * Unzip HostsXpert.zip
     * Double click on HostsXpert.exe
     * Then click on "Restore Original Hosts" to restore your Hosts file to its default condition.
     * Click on Make Hosts Read Only to secure it against further infection.
     * Close program when complete.
     =============================
     Let's run an F-Secure online scan for Viruses, Spyware and RootKits:
     * Go to http://support.f-secure.com/enu/home/ols.shtml
     * Scroll to the bottom of the page and click the Start scanning button.
     * A window will pop up. Allow the Active X control to be installed on your computer, then click the Accept button
     * Click Full System Scan and allow the components to download and the scan to complete.
     * If malware is found, check Submit samples to F-Secure then select Automatic cleaning
     * When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
     * Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
     If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
     * When the cleaning option is presented, Uncheck Submit samples to F-Secure
     * Click Automatic cleaning
     * When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
     * Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
     Notes:
     * This scan will only work with Internet Explorer
     * You must have administrator rights to run this scan
     * This scan can take several hours, so please be patient
     Gogo
  5. Hi.Benko77
     Please update your Java, and show me a new Hijack-This log.
     Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
     Updating Java:
     * Download the latest version of Java Runtime Environment (JRE) 6 Update 3.
     * Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 3".
     * Click the "Download" button to the right.
     * Check the box that says: "Accept License Agreement".
     * The page will refresh.
     * Click on the link to download Windows Offline Installation, Multi-language and save to your desktop.
     * Close any programs you may have running - especially your web browser.
     * Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
     * Check any item with Java Runtime Environment (JRE or J2SE) in the name.
       - Examples of older versions in Add or Remove Programs:
         Java 2 Runtime Environment, SE v1.4.2
         J2SE Runtime Environment 5.0
         J2SE Runtime Environment 5.0 Update 6
     * Click the Remove or Change/Remove button.
     * Repeat as many times as necessary to remove each Java version.
     * Reboot your computer once all Java components are removed.
     * Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.
     Let me know in your next reply how things are now.
     Gogo
  6. Hi.Steve Nice work. May I have a new Hijack-This log? Gogo
  7. Hey.Steve of Newport
     Let's try an online scan, see what more we may find. Yes, if you can remove/uninstall limewire I would.
     Let's run an F-Secure online scan for Viruses, Spyware and RootKits:
     * Go to http://support.f-secure.com/enu/home/ols.shtml
     * Scroll to the bottom of the page and click the Start scanning button.
     * A window will pop up. Allow the Active X control to be installed on your computer, then click the Accept button
     * Click Full System Scan and allow the components to download and the scan to complete.
     * If malware is found, check Submit samples to F-Secure then select Automatic cleaning
     * When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
     * Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
     If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
     * When the cleaning option is presented, Uncheck Submit samples to F-Secure
     * Click Automatic cleaning
     * When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
     * Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
     Notes:
     * This scan will only work with Internet Explorer
     * You must have administrator rights to run this scan
     * This scan can take several hours, so please be patient
     Gogo
  8. Hi.CJ
     As always a 1000 thanks.
     Please perform this online scan: Kaspersky Webscan
     Note that this scanner will only work on Internet Explorer, so please use this browser for the scan.
     * Read the Requirements and Privacy statement, then select "Accept"
     * A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
     * Select "Install" to download the ActiveX controls that allow ActiveScan to run.
     * When the download is complete it will say ready, click "Next"
     * Select a target to scan: Click on "My Computer"
     * When the scan is complete choose to save the results as "Save as Text"
     Post the Kaspersky scan results in your next reply, along with a new Hijackthis log.
     Gogo
  9. Hi.Steve of Newport
     Would you happen to know what this is?
     ----> O4 - HKCU\..\Run: [?????????] ??????????????e
     And may I know when Limeware is doing this, is it at PC startup?
     Oops, that's Limewire
     Gogo
  10. Hello.sasa & Welcome
     Updating Java and Clearing Cache
     1. Go to Start > Control Panel, double-click on the Java Icon (coffee cup) in the Control Panel.
     2. It will say "Java Plug-in" under the icon. Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
     3. If you are unable to update you can manually update by going here: http://www.java.com/en/download/manual.jsp
     4. After the reboot, go back into the Control Panel and double-click the Java Icon.
     5. Under Temporary Internet Files, click the Delete Files button.
     6. There are three options in the window to clear the cache - Leave ALL 3 Checked
        * Downloaded Applets
        * Downloaded Applications
        * Other Files
     7. Click OK on Delete Temporary Files Window
        Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
     8. Click OK to leave the Java Control Panel.
     ============================
     Next
     Download ComboFix from Here or Here to your Desktop. Don't run just Yet!
     ===========================
     NOTE: This next step I'm going to have you do is to be done only after you download the tool above, not before.
     NORTON ANTIVIRUS
     Please navigate to the system tray on the bottom right hand corner and look for a sign.
     * right-click it -> choose "Disable Auto-Protect."
     * select a duration of 5 hours (this assures no interference with the cleanup of your pc)
     * click "Ok."
     * a popup will warn that protection will now be disabled and the sign will now look like this:
     You successfully disabled the Norton Antivirus Guard.
     NOTE: Again this is to be done only after downloading the tool above, not before.
     ===========================
     Now run
     * Double click combofix.exe and follow the prompts.
     * When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply
     Note: Do not mouseclick combofix's window while it's running. That may cause it to stall
     ==========================
     After running ComboFix, not before, turn the Anti-Virus scanner back on.
     I may ask that you disable it once more.
     Gogo
  11. Hello.lilmrshill & Welcome
     Download ComboFix from Here or Here to your Desktop. Don't run just Yet!
     ============================
     NOTE: This next step I'm going to have you do is to be done only after you download the tool above, not before.
     NORTON ANTIVIRUS
     Please navigate to the system tray on the bottom right hand corner and look for a sign.
     * right-click it -> choose "Disable Auto-Protect."
     * select a duration of 5 hours (this assures no interference with the cleanup of your pc)
     * click "Ok."
     * a popup will warn that protection will now be disabled and the sign will now look like this:
     You successfully disabled the Norton Antivirus Guard.
     NOTE: Again this is to be done only after downloading the tool above, not before.
     ===========================
     Now run
     * Double click combofix.exe and follow the prompts.
     * When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply
     Note: Do not mouseclick combofix's window while it's running. That may cause it to stall
     ===========================
     Please make sure to turn on the Anti-Virus scan after running ComboFix. I may ask that you disable it again.
     Gogo
  12. Hello.Sinalea & Welcome
     I'm having you do this online scan. Come back to me, with the scan results.
     Please submit the following files for analysis.
     Jotti File Submission:
     * Please go to Jotti's malware scan
     * Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
       C:\Windows\system32\admparseq.dll
     * Click on the submit button
     * Please post the results in your next reply.
     Please note that if you are submitting more than one file they will have to be entered one at a time.
     Gogo
  13. Hi.bobbybrown 1.) More feedback what problem(s) are you having with the PC. I ask because I'm not seeing much in the log. 2.) Why are you not running a FireWall. You need one today to be online. 3.) Were you trying to fix some of these items yourself. Gogo
  14. Hello.Steve of Newport & Welcome
     NORTON ANTIVIRUS
     Please navigate to the system tray on the bottom right hand corner and look for a sign.
     * right-click it -> choose "Disable Auto-Protect."
     * select a duration of 5 hours (this assures no interference with the cleanup of your pc)
     * click "Ok."
     * a popup will warn that protection will now be disabled and the sign will now look like this:
     You successfully disabled the Norton Antivirus Guard.
     =========================
     WINDOWS DEFENDER
     * Click Start > Programs > Windows Defender or launch from the system tray icon.
     * Click on Tools & Settings > Options.
     * Under Real-time protection options, uncheck the "Real-time protection" check box.
     * Click Save.
     * Go to Start > Control Panel > Security > Windows Defender, at the bottom of the Windows Defender page uncheck under Administrator Options "use Windows Defender" and then Save.
     * (When we are done, you can re-enable Defender using the same steps but this time place a check next to "Turn on real-time protection" check box.)
     =========================
     WINDOWS ONECARE
     * To Disable Antivirus: Open the Windows OneCare user interface.
     * Click View or Change Settings > Antivirus Tab.
     * Click the radio button to turn the anti-virus off.
     * To Disable Firewall: Open the Windows OneCare user interface.
     * Click View or Change Settings > Firewall Tab.
     * Drag down the slider to turn the firewall off.
     =========================
     Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O1 - Hosts: ::1 localhost
     O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
     O13 - Gopher Prefix:
     Now close all windows and browsers, other than HiJackThis, then click Fix Checked. Close Hijackthis.
     ==========================
     After doing the above make sure you turn back on everything I had you disable.
     Come back here with new Hijack-This log.
     Gogo
  15. Hello.brb & Welcome
     Please download VundoFix.exe to your desktop.
     * Double-click VundoFix.exe to run it.
     * Click the Scan for Vundo button.
     * Once it's done scanning, click the Remove Vundo button.
     * You will receive a prompt asking if you want to remove the files, click YES
     * Once you click yes, your desktop will go blank as it starts removing Vundo.
     * When completed, it will prompt that it will reboot your computer, click OK.
     * Please post the contents of C:\vundofix.txt
     Gogo
  16. Hi.amagido Sorry for not getting back to you on this. Are you still in-need of help if so show me, a Hijack-This log. @ tpatch If you need help please start your own Thread. Gogo
  17. Hi.melmichelle Anytime, no problem. My best to you and yours, have a safe New Years! Gogo
  18. Hi.GraemeT I can't tell you how sorry I am for the hold-up on this log-file. If you're still in need of help show me a new Hijack-This log. Gogo
  19. Hi.inalaguys Glad to hear all is good. If you should have any more problems let us know. My best to you and yours. Gogo
  20. Hey.Benko77
     Sorry, I have not forgotten about you. Just been having problems of my own on this laptop. Let's try running this tool.
     Download SDFix and save it to your Desktop.
     * Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)
     * Reboot into Safe Mode: (without networking support!)
       - To get into the Windows Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times. Choose Safe Mode from the menu that will appear and press Enter.
     * Open the extracted SDFix folder and double click RunThis.bat to start the script.
     * Type Y to begin the cleanup process.
     * It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
     * Press any Key and it will restart the PC.
     * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
     * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
     * Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
     Gogo
  21. Hi.
     Sorry for all the delays on this. I've had very little Internet time, my PC has been in a bad way.
     Now have a look here at some info, tell me if this is the file. http://www.processlibrary.com/directory/files/wmiapsrv
     Next may I have you try this.
     Download SDFix and save it to your Desktop.
     * Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)
     * Reboot into Safe Mode: (without networking support!)
       - To get into the Windows Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times. Choose Safe Mode from the menu that will appear and press Enter.
     * Open the extracted SDFix folder and double click RunThis.bat to start the script.
     * Type Y to begin the cleanup process.
     * It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
     * Press any Key and it will restart the PC.
     * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
     * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
     * Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
     Gogo
  22. Hi.psywzrd
     Let's update your Java first, then go after it like this.
     Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
     Updating Java:
     * Download the latest version of Java Runtime Environment (JRE) 6 Update 3.
     * Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 3".
     * Click the "Download" button to the right.
     * Check the box that says: "Accept License Agreement".
     * The page will refresh.
     * Click on the link to download Windows Offline Installation, Multi-language and save to your desktop.
     * Close any programs you may have running - especially your web browser.
     * Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
     * Check any item with Java Runtime Environment (JRE or J2SE) in the name.
       - Examples of older versions in Add or Remove Programs:
         Java 2 Runtime Environment, SE v1.4.2
         J2SE Runtime Environment 5.0
         J2SE Runtime Environment 5.0 Update 6
     * Click the Remove or Change/Remove button.
     * Repeat as many times as necessary to remove each Java version.
     * Reboot your computer once all Java components are removed.
     * Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.
     Let me know in your next reply how things are now.
     ==========================
     Then after updating your Java, not before, do this.
     Open Notepad and copy and paste the following quotebox into a new text document. (Don't forget to copy and paste REGEDIT4!) (Do not copy the word quote)
     Save this as fix.reg
     Choose to save as *all files and place it on your Desktop.
     It should look like this:
     Double-click on it and when it asks you if you want to merge the contents to the registry, click Yes/OK.
     ==========================
     Then let's do this.
     Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:
     Filename: vundofix.vft
     Save As Type: All Files (*.*)
     C:\WINDOWS\system32\rqrpp.dll
     C:\WINDOWS\system32\pprqr.ini2
     C:\WINDOWS\system32\mcrh.tmp
     C:\WINDOWS\system32\rqrpp.exe
     C:\WINDOWS\system32\njprckha
     * Close all other windows and programs.
     * Double-click VundoFix.exe to run it.
     * Drag vundofix.vft onto the listbox (white box) of VundoFix.
     * Click the "Remove Vundo" button.
     * You will receive a prompt asking if you want to remove the files, click YES
     * Once you click yes, your desktop will go blank as it starts removing Vundo.
     * When completed, it will prompt that it will reboot your computer, click OK.
     * Please post the contents of C:\vundofix.txt and a new HijackThis log.
     Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting
     ===========================
     Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
     F3 - REG:win.ini: load=C:\WINDOWS\system32\rqrpp.exe
     O2 - BHO: (no name) - {464E825D-3523-410E-970A-1C5676F49F0A} - C:\WINDOWS\system32\rqrpp.dll
     O9 - Extra button: (no name) - AutorunsDisabled - (no file)
     Now close all windows and browsers, other than HiJackThis, then click Fix Checked. Close Hijackthis.
     Gogo
  23. Hi.justjoy
     Hm, not much here and still with the pop-ups.
     Now download The Avenger by Swandog46, and save it to your Desktop.
     * Extract avenger.exe from the Zip file and save it to your desktop
     * Run avenger.exe by double-clicking on it.
     * Check the 'Input script manually' box.
     * Click on the magnifying glass icon.
     * Copy everything in the Quote box below, and paste it in the box that opens:
     * Now click the 'Done' button.
     * Click on the traffic light icon and OK the prompt.
     * You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
     * A log file from Avenger will be produced at C:\avenger.txt
     ============================
     I'll be looking up some info to see what this thing is.
     Gogo
  24. Hi.psywzrd
     1. Close any open browsers.
     2. Open notepad and copy/paste the text in the quote box below into it (but don't include the word: quote). Make sure to use NotePad and nothing else.
     Save this as CFScript.txt, in the same location as ComboFix.exe
     Referring to the picture above, drag CFScript into ComboFix.exe
     When finished, it will produce a log for you at "C:\ComboFix.txt"
     Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
     Then come back here with both the HijackThis log and ComboFix.txt
     Gogo