Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Antivirus Xp 2008, Internet Down***hijack Log***


  • This topic is locked This topic is locked
15 replies to this topic

#1 am4966

am4966

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:24 PM

Posted 23 September 2008 - 02:19 PM

Got Antivirus XP 2008, it shut down my internet and had the usual problems. Got some stuff to work, updated McAffe, Ran SpyBot SD. But I'm not able to fix anything else.

HIJACK LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:17:59 PM, on 9/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
G:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.provide.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: BFGTOOLBAR - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O2 - BHO: ASCWarningBHO Class - {58472BC6-BEA3-42d4-8917-7A8BCB0711B5} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\helper.dll
O3 - Toolbar: BFGTOOLBAR - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-700158569-3367814842-3305964131-1003\..\Run: [RecordNow!] (User '?')
O4 - HKUS\S-1-5-21-700158569-3367814842-3305964131-1003\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe (User '?')
O4 - HKUS\S-1-5-21-700158569-3367814842-3305964131-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-700158569-3367814842-3305964131-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - S-1-5-21-700158569-3367814842-3305964131-1003 Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE (User '?')
O4 - S-1-5-21-700158569-3367814842-3305964131-1003 Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE (User '?')
O4 - S-1-5-21-700158569-3367814842-3305964131-1003 Startup: PowerReg Scheduler V3.exe (User '?')
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Search - ?p=ZCzed008YYUS_ZNxmk572YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.sbcglobal.net
O15 - Trusted Zone: http://*.sbcglobal.net
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin.cab
O18 - Filter hijack: text/html - {28267dd0-d19b-4e94-a7d3-59ec4c9c3216} - (no file)
O21 - SSODL: GhTSgwJu - {5C15CD7D-F6BF-67D7-C1BB-8A8A77A0E990} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Application Management (AppMgmt) - Apple, Inc. - (no file)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Computer Browser (Browser) - Apple Inc. - (no file)
O23 - Service: Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Promise Technology, Inc. - (no file)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Help and Support (helpsvc) - Google - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Secondary Logon (seclogon) - Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. - (no file)
O23 - Service: System Event Notification (SENS) - Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. - (no file)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Silicon Integrated Systems Corporation - (no file)
O23 - Service: Telephony (TapiSrv) - Unknown owner - (no file)
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
O23 - Service: Wireless Zero Configuration (WZCSVC) - GEMTEKS - (no file)
O23 - Service: Network Provisioning Service (xmlprov) - GEMTEKS - (no file)

--
End of file - 12457 bytes

BC AdBot (Login to Remove)

 


m

#2 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:12:24 PM

Posted 26 September 2008 - 08:32 AM

Hello am4966,

My name is Mas_pogi(mark,mp) and I will be helping you with your Malware problem.
As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts.

In your subject "Internet Down", does this mean you are using other computer to post this log?


Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.


Thanks for your patient and we'll get back to you :thumbsup:

With Regards,
mas_pogi

#3 am4966

am4966
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:24 PM

Posted 26 September 2008 - 12:40 PM

Yes, I am posting from my Laptop....I had Antivirus XP 2008, Internet wont connect...

So, I was able to get my McAfee Updated and ran it, which cleaned some stuff out. Was able to run Spybot SD and it cleaned out stuff too...It appears that the Antivirus XP is gone, but I'm not able to connect to internet. I have been saving stuff to a Jump Drive and running it off that if possible.

#4 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:12:24 PM

Posted 28 September 2008 - 08:24 AM

hi.

I'm still processing your fix.

Please wait for a while. Sorry for the delay.

Mark

Edited by mas_pogi, 28 September 2008 - 08:24 AM.


#5 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:12:24 PM

Posted 28 September 2008 - 09:10 AM

hi.

Please bear with me as we clean your computer. If your internet is still down. You can download this thru other computer and burn it to CD.


Please follow the instructions below;
  • Run HijackThis icon in your desktop by double-clicking it.
    Then do press "Do a System Scan Only".

    When the scan is complete place a check mark next to the following entries:

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
    O2 - BHO: ASCWarningBHO Class - {58472BC6-BEA3-42d4-8917-7A8BCB0711B5} - (no file)
    O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\helper.dll
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    04 - Startup: PowerReg Scheduler V3.exe
    O8 - Extra context menu item: &Search - ?p=ZCzed008YYUS_ZNxmk572YYUS
    O21 - SSODL: GhTSgwJu - {5C15CD7D-F6BF-67D7-C1BB-8A8A77A0E990} - (no file)


    After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked."

  • Please download Brute Force Uninstaller .
    • Right click the downloaded BFU folder, and choose Extract All
    • Click “Next”
    • In the box to choose where to extract the files to,
    • Click “Browse”
    • Click on the + sign next to “My Computer”
    • Click on “Local Disk (C:) or whatever your primary drive is
    • Click “Make New Folder”
    • Type in BFU
    • Click “Next”, and Uncheck the “Show Extracted Files” box and then click “Finish”.
    Then,

    For IE user,
    RIGHT-CLICK HERE and choose “Save As” (in IE it’s “Save Target As”) in order to download DeepDive Remover.
    Save it in the same folder you made earlier (c:\BFU).

    For Firefox user,
    Click here.
    Goto FILE, then click on Save Page as to save the script.
    Save it in the same folder you made earlier (c:\BFU).
    • Start the Brute Force Uninstaller by doubleclicking BFU.exe located at C:/BFU
    • Posted Image Click on Open script file. Locate Deepdive.bfu in C:\BFU.
    • Press Execute and let the program do it’s job. (Do not be startled as your taskbar will disappear for a little while.)
    • Wait for the complete script execution box to pop up and press OK.
    • Press exit to terminate the BFU program.
    • A notepad file called BFUlogdeepdive.txt will be created on the systemdrive (usually the location will be C:\BFUlogdeepdive.txt). Post the content of that file please
  • Reboot your computer in normal mode.

  • Backup Your Registry with ERUNT
    • Please use the following link and scroll down to ERUNT and download it.
      http://aumha.org/freeware/freeware.php
    • For version with the Installer:
      Use the setup program to install ERUNT on your computer
    • For the zipped version:
      Unzip all the files into a folder of your choice.
    Click Erunt.exe to backup your registry to the folder of your choice.

    Note: to restore your registry, go to the folder and start ERDNT.exe

  • Copy and paste the following text into Notepad:

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
    "ImagePath"=hex(2):25,53,79,73,74,65,6D,52,6F,6F,74,25,5C,73,\
    79,73,74,65,6D,33,32,5C,73,76,63,68,6F,73,74,2E,65,78,65,20,2D,6B,20,\
    6E,65,74,73,76,63,73,00


    Save this as "fixme.reg" . Choose to save as *all files and place it on your Desktop.
    Double-click fixme.reg

  • Please download Malwarebytes Anti-Malware and save it to your desktop.
    • Make sure you are connected to the Internet.
    • Double-click on mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Quick Scan" option is selected.
      • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
In your reply, please post the result of

C:\BFUlogdeepdive.txt
MBAM log
RSIT's log.txt and info.txt
Post it, do not attach them.

Thanks

Mark

#6 am4966

am4966
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:24 PM

Posted 02 October 2008 - 09:32 PM

I'm still getting the 372 error for Malaware so that wont work...Internet still doesnt work. Cant run the BFU.

#7 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:12:24 PM

Posted 02 October 2008 - 09:42 PM

hi.


Can you have a screenshot for the error?

If your internet is still down. You can download this thru other computer and burn it to CD.

You can use other computer to download the tools we needed. Tools i advice you to use can be used offline.

Mark

#8 am4966

am4966
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:24 PM

Posted 03 October 2008 - 12:17 PM

I'll try and get a screen shot of the error code. But that prevents me from running Malaware, cant get the Deep Drive to thet BHU file. I dont know if I should try the last suggestion you posted, since I'm not able to run the others before it.

Anthony

#9 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:12:24 PM

Posted 03 October 2008 - 06:32 PM

hi Anthony.

Ok. Let try another method.

I believe you already downloaded the Malwarebytes. Try this one below.

Reboot your computer in "SAFE MODE" using the F8 method so Windows will start with minimal drivers and running processes. To do this restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". See How to Boot in "SAFE MODE" tutorial if needed.

How to start Windows in Safe Mode Tutorial

http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

Posted Image


Then select Safe mode with networking.


After you entered on that mode. Try running Malwarebyes(Item #6 of post #5)

Let see if we can do this.

Thanks.

Mark

#10 am4966

am4966
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:24 PM

Posted 03 October 2008 - 10:15 PM

Wont work


Rut-time error '372':

Failed to load control 'vbalGrid' from vbalsgrid6.ocx. Your version of vbalsgrid6.ocx may be outdated. Make sure you are using the version of the control that was providd with your application



#11 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:12:24 PM

Posted 03 October 2008 - 10:54 PM

hi.


Please wait for a meantime.


I'll ask my co helpers about this one.


Mark

#12 harrythook

harrythook


  • Security Colleague
  • 4,152 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Philadelphia
  • Local time:11:24 AM

Posted 04 October 2008 - 10:59 AM

Hi am4966,
One quick question, about your lost internet connection.
Did this happen at the same time you caught the XP2008 bug? Or did you run some tools to remove the infection, and then lost your internet?

Your input would help us out a lot in fixing your problem. Once we hear the answer Mas will be back with some more instructions :thumbsup:

Harry

Veni Vidi Vici
THE FIGHT AGAINST MALWARE

Become a BleepingComputer fan: Facebook

#13 am4966

am4966
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:24 PM

Posted 04 October 2008 - 04:47 PM

I got the XP2008 bug...I had internet, updated McAfee ran it it caught some stuff. Then my kids friend got back on to myspace or some other website they go to and from there I lost the ability to get back online. If I go wireless, I'm able to connect to the router but not to internet. I go direct I get nothing.

I update McAfee from my laptop and install on Desktop and it doesnt catch anything, spybot SD is the same.

Thanks for your time and attention.

Edited by am4966, 04 October 2008 - 04:49 PM.


#14 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:12:24 PM

Posted 04 October 2008 - 10:35 PM

hi Am4966.


Thanks for the reply. I have a few question.

1. Did you run MBAM before? I mean before you posted your problem here in BC?
2. In my instruction in Post #9, did you arrived on safe mode? or got error while getting in safemode?
Or got an error when you perform MBAm during safe mode?

Please tell me in you're next reply.

Please follow the instruction below. Run them all in normal mode.
  • Backup Your Registry with ERUNT
    • Please use the following link and scroll down to ERUNT and download it.
      http://aumha.org/freeware/freeware.php
    • For version with the Installer:
      Use the setup program to install ERUNT on your computer
    • For the zipped version:
      Unzip all the files into a folder of your choice.
    Click Erunt.exe to backup your registry to the folder of your choice.

    Note: to restore your registry, go to the folder and start ERDNT.exe

  • We Need to Repair Your Internet Connection
    • Please download WinsockXPFix from a working machine and copy it to a CD or flash media.
    • Copy the file to the desktop on the non working machine.
    • Double Click on Posted Image on your desktop.
    • Push the Posted Image button.
    • A new form will open, saying "APPLY VB_Winsock fix?" Click YES
    • Allow your system to reboot.
    Please let me know if your connection is restored in your next reply

  • *note In the event where you internet is still not restore. Download the tools from another computer.
    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix


    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.
    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New HijackThis log.

Thanks.

Mark

#15 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:12:24 PM

Posted 08 October 2008 - 07:52 PM

hi.


Do you still need help?


Mark




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users