Hijack this logfile - Please help - major registry problems

Status
Not open for further replies.
Hello all,

I was wondering if someone could help me out with this nasty problem I have been having for the past 3 weeks. I followed the instructions on various malware workshops but nothing has been able to get rid of this problem.

I've scanned my system numerous times with Ewido, Spybot, Adaware, Spysubtract, Spy Sweeper and Trojan Hunter. They have all removed a few 'cookie' type of malware from Firefox, but that is about it.

My biggest issue right now is that my registry is locked, as well as my taskbar. Also, my 'msconfig' seems to be somehow gone, because whenever I type it into Run, it says that Windows cannot find it. I've also tried to run 'smitRem' via Safe Mode, but it kept telling me that my registry editing is locked.

If someone with more experience could please review my HijackThis log and point me in the right direction, I would be extremely thankful.

Thank you very much in advance.
 
Hello and welcome to Techspot.

Your system is infected with the Rapidblaster virus.

Go HERE and download the Rapidblaster killer programme.

If you get an error when you try and run the Rapidblaster tool, go HERE and download the MSCOMCTL.OCX file. Extract it to the C:\WINDOWS\SYSTEM32\ folder.

Then click start/run and type REGSVR32 MSCOMCTL.OCX in the run box and press the enter key. Try running the Rapidblaster tool again.

Once you've done that, go HERE and follow the instructions in the order they are given.

Post a fresh HJT log, only after doing the above.

Regards Howard :wave: :wave:
 
Hello Howard, thank you for your reply.

I downloaded Rapidblaster killer but after I scanned the system, it said that no 'rapidblaster' was detected.
 
Hi Howard!
I've done as you advised. So far, I have been able to unlock my registry, which had been locked along with msconfig & taskbar, which are still unfortunately locked.

I have scanned my system with every tool you advised, and the system is apparently 'free' of any trojans/malware/spyware/etc., but I'm still having the issue with my msconfig & taskbar being locked, which leads me to believe the problem is not fully gone.

I have attached my new HijackThis log file for your review.

Thank you very much! Looking forward to your reply.
 
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off System Restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html


Run HJT with no other programmes open. Have HJT fix the following by placing a tick in the little box next to each (if there).

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)

O4 - HKLM\..\Run: [explorer] C:\WINDOWS\system32\scif\explorer.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O20 - AppInit_DLLs: msgrmate.dll

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files (if there).

C:\WINDOWS\system32\scif\explorer.exe

Reboot into normal mode and turn System Restore back on.

Post a fresh HJT log.

Regards Howard :)
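
Added example, not part of the original thread: a small Python triage pass over HijackThis entries like those in the fix list above, flagging the patterns visible in that list ("(no file)" registrations, a Run entry that uses a system binary's name from an unexpected folder, and AppInit_DLLs). The `EXPECTED_DIR` table, the `triage` function name and the ctfmon control line are assumptions made for this example.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any host OS

# Entries from the fix list in the thread; the ctfmon line is a constructed
# benign control that is not in the original log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [explorer] C:\WINDOWS\system32\scif\explorer.exe
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: msgrmate.dll
"""

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN_RE = re.compile(r"^\S+\\Run(?:Once)?: \[([^\]]*)\] (.+)$")

# Assumption: default Windows XP locations for a few commonly imitated binaries.
EXPECTED_DIR = {
    "explorer.exe": r"c:\windows",
    "ctfmon.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
}

def triage(log_text):
    """Return (section, reason, detail) tuples for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section in ("O2", "O3", "O9") and body.endswith("(no file)"):
            # Registration survives but the file behind it is gone.
            findings.append((section, "no-file", body))
        elif section == "O4" and (run := RUN_RE.match(body)):
            path = run.group(2).strip('"')
            expected = EXPECTED_DIR.get(basename(path).lower())
            if expected and dirname(path).lower() != expected:
                # Familiar process name started from an unusual folder.
                findings.append((section, "path-mismatch", path))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # These DLLs load into every process that loads user32.dll.
            for dll in body.split(":", 1)[1].replace(",", " ").split():
                findings.append((section, "appinit-dll", dll))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

Run entries whose command line carries arguments are not matched against `EXPECTED_DIR` here, so they pass through unflagged and still need a manual look.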
 