You are running a system without a firewall,
Please download ONE of the following,
Fix entries using HiJackThis
- Launch HiJackThis
- Click the Do a system scan only button
- Put a check next to the entrieslisted below
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.roboform.com/test.html?a...NHICMEKMICNJJCKJNBJCMNJGJIJIJGJKJJNKJCMJNNICM
O2 - BHO: (no name) - {ed38042c-64e4-4bb3-a5d1-c544f92b87ad} - C:\WINDOWS\nqjmzopo.dll
O4 - HKLM\..\Run: [mzmjihyv] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\mzmjihyv.dll"
O4 - HKCU\..\Run: [dfgyuclr] C:\WINDOWS\system32\ovyruvgf.exe
O4 - HKLM\..\Policies\Explorer\Run: [j6y1JNGg0p] C:\Documents and Settings\All Users\Application Data\mbkjsrul\gbivovud.exe
O4 - HKCU\..\Policies\Explorer\Run: [bW1DMNGg0p] C:\WINDOWS\jepezune.exe
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
- IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
- Click the Fix checked button and close HiJackThis
- Reboot HijackThis if necessary
Delete Files and Folders
- Right Click on the start button and chose explore
- Show all hidden files and folders, see how HERE
- Navigate to the following files and folders and delete them(if still present)
C:\WINDOWS\System32\lxcycoms.exe<---------This File
C:\WINDOWS\system32\ovyruvgf.exe<---------This File
C:\WINDOWS\jepezune.exe<---------This File
C:\Documents and Settings\All Users\Application Data\mbkjsrul<---------This Folder
If that does not work then repeat the process in safe mode. See how to boot into Safe mode
HERE.
***DO NOT USE MSCONFIG TO BOOT INTO SAFE MODE***
Download and Run Malwarebytes' Anti-Malware
Please download
Malwarebytes' Anti-Malware to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
- Then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform full scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. please attach the log in your next reply.
- If you accidently close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
AVG Anti-Spyware - 1st Part
Please download the
trial version of
AVG Anti-Spyware here and install it.
When the program has been installed, and you click the
Finish button, AVG Anti-Spyware will open.
If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
- Click the Update icon at the top and under Manual Update click the Start update button.
- The program will either update or inform you that no update was available.
- It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).
Please set up the program as follows:
- Click the Shield icon at the top and under Resident shield is... click active. This should now
change to inactive.
- Click the Update icon and untick the automatic update option.
- Click on Scanner on the toolbar.
- Click on the Settings tab.
- Under How to act? - make sure that Quarantine is selected.
- Under How to scan? - All checkboxes should be ticked.
- Under Possibly unwanted software - All checkboxes should be ticked.
- Under Reports - Select Do not automatically generate reports.
- Under What to scan? - Select Scan every file.
Close
all open windows.
Do not run a scan yet.
AVG Anti-Spyware - 2nd Part
Start AVG Anti-Spyware
- Click on Scanner on the toolbar.
- Click on Complete System Scan to start the scan process.
- Let the program scan your computer.
- When the scan has finished, follow the instructions below:
- Make sure that Set all elements to: shows Quarantine
- Important: Click on the Apply all Actions button (*** This must done before saving the report ***)
- When the program has finished, it will display the message All actions have been applied.
- Then click the Save Scan Report button.
- Click the Save Report as button.
- Save the report to your Desktop.
- Right-click the AVG Tray Icon and select Exit.
- Now attach the report back to this topic.
Run HijackThis again and post a fresh log.
In your next post you should have,
1) Malwarebytes report
2) AVG antispyware report
3) Fresh HijackThis report
4) Firewall installed
5) Updated status on how the computer is running
This thread is for the use of freakyferret only.
Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.