new here, can someone check my log :)

Status
Not open for further replies.
First off, great site. I did the whole clean up and it went smoothly. So here are my log and text files. Can someone check them out and let me know what file I should fix with hijackthis.exe? Thanks in advance.
 
RST531, I don't do the hijack logs; someone will be along to review the logs. But as a matter of information, what 'clean up' are you referring to? Additionally, are you having a problem with your system that might indicate you have malware? Or are you just looking for someone to help to streamline the system?
 
OK, sorry about that. The clean up was "Viruses/Spyware/Malware, preliminary removal instructions", the 15 step process.
Link here: techspot.com/vb/topic58138 (can't post links yet)

Well, my comp was acting up. I was getting a pop up saying my system needed a virus program, so I closed it, and then this would happen 3 more times, and an hour or more later the same series of pop ups would happen again. That was the first I noticed I had a problem. And also for web searches I would get redirected to this website, something like web-prayers com. So I did the above process and it seems to work now, but I wanna confirm it to be safe. Also, I wanted my comp to be a little more streamlined since it's a work computer.
 
Hello and welcome to Techspot.

You haven't attached a Combofix log as per the instructions. Nor have you let us know the results of the Panda Antirootkit scan.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to each (if there).

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://cshelpdesk/start.asp?user=ppolague

O2 - BHO: (no name) - {18637589-64B3-4E6C-9D57-0FA0D96A840B} - (no file)

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {F01720C0-6026-4C2A-90F4-F081BF246A85} - C:\WINDOWS\system32\awvww.dll (file missing)

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab

Click on the fix checked button.

Close HJT and reboot your system.

Post fresh HJT and Combofix logs, as well as the results of the Panda Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of RST531 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
OK, sorry about the combofix log (mistook the vundo text for the combofix text). Attached now.

And for the Panda Antirootkit, it didn't find or do anything. And attached is the new HJT log.

And again, thanks for taking the time to check my stuff out. :wave:
 
Your HJT log is clean.

Open notepad and copy/paste the text in the code box below into it:
NOTE* Make sure to only highlight and copy what is inside the quote box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:


File::
C:\WINDOWS\system32\awvww.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18637589-64B3-4E6C-9D57-0FA0D96A840B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F01720C0-6026-4C2A-90F4-F081BF246A85}]

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Let me know if you're still having problems.

Regards Howard :)
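
An added example, not part of the thread and not code from HijackThis or ComboFix: Python that picks out the HijackThis entries marked `(no file)` or `(file missing)` in the fix list, compares their CLSIDs with the CFScript above, and checks the rule that `File::` must be the first line. Function names are hypothetical, and the directive handling assumes only the `File::` and `Registry::` sections shown in this thread.

```python
import re
# Constructed sample input: lines copied from the fix list and CFScript in this thread.
HJT = r"""O2 - BHO: (no name) - {18637589-64B3-4E6C-9D57-0FA0D96A840B} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {F01720C0-6026-4C2A-90F4-F081BF246A85} - C:\WINDOWS\system32\awvww.dll (file missing)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab"""
CFSCRIPT = r"""File::
C:\WINDOWS\system32\awvww.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18637589-64B3-4E6C-9D57-0FA0D96A840B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F01720C0-6026-4C2A-90F4-F081BF246A85}]"""
CLSID = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)
MISSING = re.compile(r"\s*\((?:no file|file missing)\)$")  # HijackThis notes for a missing target

def orphaned_entries(log):
    """Map CLSID -> (section, missing path or None) for entries whose file is gone."""
    found = {}
    for line in log.splitlines():
        m = re.match(r"([A-Z]\d{1,2}) - (.+)$", line.strip())
        guid = m and CLSID.search(m.group(2))
        if guid and MISSING.search(m.group(2)):
            tail = m.group(2).rsplit(" - ", 1)[-1]  # text after the last " - "
            found[guid.group().upper()] = (m.group(1), MISSING.sub("", tail) or None)
    return found

def parse_cfscript(text):
    """Return (first_line_ok, {directive: [lines]}) for a CFScript."""
    first_ok = text.splitlines()[:1] == ["File::"]  # no blank line above, no leading space
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.endswith("::"):
            current = sections.setdefault(line[:-2], [])
        elif line and current is not None:
            current.append(line)
    return first_ok, sections

def cross_check(log, script):
    """Relate orphaned HijackThis entries to what the CFScript lists."""
    orphans, (first_ok, sections) = orphaned_entries(log), parse_cfscript(script)
    keyed = {g.upper() for ln in sections.get("Registry", []) for g in CLSID.findall(ln)}
    files = {f.lower() for f in sections.get("File", [])}
    return {"first_line_ok": first_ok,
            "in_script": sorted(set(orphans) & keyed),
            "hjt_only": sorted(set(orphans) - keyed),
            "files_listed": sorted(p for _, p in orphans.values() if p and p.lower() in files)}
```

On the thread's data, `hjt_only` holds the two CLSIDs that appear in the HijackThis fix list but not in the script's `Registry::` section, and `files_listed` holds the one `(file missing)` path that the `File::` section names.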

 
OK, here is the new combofix.txt.

And I think everything is fine. The problems that usually happened haven't so far. But I wanna get some experienced advice to be sure I didn't miss anything.
 
Use the following script in Combofix as last time.

File::
C:\Documents and Settings\machineuser\Application Data\wklnhst.dat

Once done, delete the C:\Qoobox folder.

Turn off system restore (XP/ME only). See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
great! thanks for all the help.

This thread is now closed: If you need this thread unlocking, please pm a moderator with a link to the thread.

Only the original thread starter can do this. Anyone else, will be ignored.
 