Help spyware adware hijacker problems

Status
Not open for further replies.

datofarid

Posts: 26   +1
Hello. I'm new here and I don't know what's going on with my PC.
Suddenly my Internet Explorer (well, I'm using Avant) can't load pages.
Once I start the PC I can surf, and after about 30 minutes all pages cannot load, unless I refresh many times.
This happened before, but I used HijackThis to delete and everything was OK till yesterday.
I repeated the same thing but it seems like the R0 problem is still there.
I suspect it was my YM.
So I deleted my YM.
And it seems a BIT OK.
But I can't reinstall my YM now.
Oh my..
I've tried everything I know.




R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)


The R0 is definitely blank, while the other three have the Yahoo website and others.
 
Hi datofarid

Do all between the lines first!
----------------------------------------------------------------------------------------------------------------------------------
D/L Xclean_Micro http://www.xblock.com/download/xclean_micro.exe
No install, just run it. Delete all it finds and decline to reboot on each item found until the program finishes, then reboot.

Xclean will run minimized and will pop up a window if it finds anything. If it finds nothing it will exit.

Please make a note of what it found, if anything, as it has no log.
If it finds several things reboot to Safe Mode and run again before continuing below.

Malware Removal Tool by Joe Pestro http://majorgeeks.com/Malware_Removal_Tool_d4632.html

----------------------------------------------------------------------------------------------------------------------------------

Then continue here after reboot to normal mode.

Do the TechSpot 8 steps: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

Skip no steps (do not install another virus scanner if you already have one).

Most importantly, update MalwareBytes and SuperAntiSpyware!

Before you scan with SuperAntiSpyWare do the below:

SuperAntispyware extra config

After it is installed, double-click the icon on your desktop to run it.

Update the program definitions.

Click the Preferences button.

Then Scanning Control.

In Scanner Options, make sure all boxes are checked except #3 Ignore System Restore..

MalwareBytes extra config

After update but before running
Click settings and confirm all are Checked.

I repeat: update these 2 programs.

Run them and attach their logs.

Do this correctly and we will make a short job of this!

If they will not update then try running without updates. If they will not update or run then do the below:

Special case where after installing MBAM and SAS they will not update or run.

https://www.techspot.com/vb/post684649-3.html

Mike
 
hey there

Hello.
I'll try to do it now since I've just finished downloading all the software.
But what about my Internet Explorer properties?
The homepage area is totally blank.
There's only http///
I used SuperAntiSpyware just now to make sure my homepage does not change and to notify me if my home page has changed.
And the notifications appear every 5 seconds.
 
If you can download and run the tools it will fix those issues. Since they are the cause of this, once we fix them IE will be OK!

Just git r dun!

Mike
 
there you go.

there you go.

I cannot install my Yahoo Messenger.
During the 6th step.
The downloading maintains at 0%.
And sometimes at 1%.
And after an hour I checked it again.
It became 100% but nothing happened. =(
 
-> No action taken on MBAM scan, for found issues
Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected. <========= Not Done

Please re-run Malwarebytes
Confirm updated (third tab)
Then do the above quoted message, but this time "Remove all found issues"
 
Yeah it is always a good idea to remove them after you find them.

I cannot install my Yahoo Messenger.

DO NOT be installing or uninstalling other programs while cleaning malware. You risk both reinfection and interfering with the cleanup process.

If you were to read the log you would see WindowsLive messenger is already infected.

Do not worry about Java at this time.

Get us an SAS log in addition to the new MBAM log after cleaning.

Run HJT, Scan only. Select and remove the below:
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)

Mike
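
Added example, not part of the thread or any poster's code: a small triage pass over HijackThis log text that flags the two conditions discussed above, a blank R0/R1 browser value and an O2 BHO entry whose file is absent. The sample log is constructed; only the first O2 line is quoted from the thread, and the `search.example` values and the `Example Helper` entry are placeholders.

```python
import re

# Constructed sample: the first O2 line is quoted from the thread; the R lines
# reuse the thread's registry keys with placeholder values (search.example),
# and the second O2 entry is invented for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example/bar
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.example/
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
"""

# R0-R3: browser start/search page values, "key,value name = data".
# The "= data" part is optional so lines cut off after the value name still parse.
R_LINE = re.compile(r"^(R[0-3]) - (HK\w+\\[^,]+),([^=]+?)(?:\s*=\s*(.*))?$")
# O2: Browser Helper Object, "name - {CLSID} - file".
O2_LINE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
# Markers HijackThis prints when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def triage(log_text):
    """Return (section, subject, reason) tuples worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = R_LINE.match(line)
        if m:
            section, _key, name, data = m.groups()
            if not (data or "").strip():
                findings.append((section, name.strip(), "blank value"))
            continue
        m = O2_LINE.match(line)
        if m:
            _name, clsid, path = m.groups()
            if path.strip().endswith(ORPHAN_MARKERS):
                findings.append(("O2", clsid, "BHO registered, file absent"))
    return findings


if __name__ == "__main__":
    for section, subject, reason in triage(SAMPLE_LOG):
        print(f"{section}: {subject}: {reason}")
```
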
 
ok

OK, I've done all of it.
And it seems OK.
And I've deleted the BHO file in HijackThis.
=) Here's the new log.
 
You are not removing them, the log says "No Action taken"!!??

You have to click next to remove! See post #6.

These scans take too long to just click out at the end and not remove what they found.

I wouldn't know why it would be running better as you have removed/cleaned nothing.

And where is the SAS log and a new HJT log?

Mike
 
I thought they've deleted all of them.

Here's the HJT log.

now im scanngin with SAS

oops . *scaning*

there you go pal.
 
At some time in the past ComboFix has been run on this computer.

So let's do that one more time.

ComboFix

NOTE: If your copy of ComboFix is more than a few days old, delete it and re-download.

Get it here: https://www.techspot.com/downloads/5587-combofix.html
Or here: http://subs.geekstogo.com/ComboFix.exe

Double-click combofix.exe and follow the prompts.

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click ComboFix's window while it's running. That may cause it to stall.

Post log. And now give me a status: look and feel, how does everything work now? What problems remain?

EDIT: Did you do the Special case Fixit?

Mike
 
hey

Sorry, was busy with my assignment. =)

I didn't do the special kit fixit.

I found some file yesterday in the quarantine zone in my MBAM.
Should I delete it?


Here's the ComboFix and HJT logs.
 
Good morning datofarid

Yes clear the Quarantine!

Run HJT select and remove the below.
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)

Please run Special case where after installing MBAM and SAS they will not update or run.
https://www.techspot.com/vb/post684649-3.html

Then...

Whoa!
Run ComboFix again. There were a lot of deletions (possibly false positives); we need to see what is left after the last ComboFix run. Attach new log.

Then.....

Download SD Fix to Desktop; among other things, Catchme to look for rootkits.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

On Desktop run SDFix. It will run (install) then close.

Then reboot into Safe Mode

As the computer starts up, tap the F8 key several times.

On the Boot menu Choose Safe Mode.

Click through all the prompts to get to desktop.

At Desktop
My Computer C: drive. Double-click to open.

Look for a folder called SD Fix. Double-click to enter SD Fix.

Double-click RunThis.bat. Type Y to begin.

SD Fix does its job.

When prompted hit the enter key to restart the computer

Your computer will reboot.

On normal restart the Fixtool will run again and complete the removal process then say Finished,
Hit the Enter key to end the script and load your desktop icons.

Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
Attach the Report.txt file to your next post.

Mike
 
Hey, sorry dude.
Assignments :(
Hey Mike.
My PC now seems good, I think.
But I'll do the SDFix thingy after this. :)
BTW.
You know when we watch YouTube, there's a "watch in high quality" that we can click, right?
If I use Mozilla it's there.
But when I use Avant browser (my favourite browser) it's not there.
After I updated to the latest version, it was there again, but then after I restart my PC, there you go, it disappeared.

Or is it because of YouTube itself?
'Cause just now I used Firefox and it's not there too.
 