I'm kevinf80 and I will be helping with any issues you may have. Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies. Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use. Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together. Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin.
Please proceed as follows :-
Step 1
Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.
1. Starting with v 1.27.26 ( this version no. will differ), CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option ORdownload the toolbar-free or Slim versions instead of the Standard Build. 2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 24 hours" 3. Then select the items you wish to clean up. In the Windows Tab:
Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
Clean all the entries in the "Windows Explorer" section.
Clean all entries in the "System" section.
Clean all entries in the "Advanced" section.
Clean any others that you choose.
In the Applications Tab:
Clean all except cookies in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.
4. Click the "Run Cleaner" button. 5. A pop up box will appear advising this process will permanently delete files from your system. 6. Click "OK" and it will scan and clean your system. 7. Click "exit" when done and Re-boot.
Step 4
Please download Malwarebytes anti-malware from HERE
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Step 5
We need to see some additional information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
A small box will open, with an explanation about the tool.
When done, DDS will open two (2) logs 1. DDS.txt 2. Attach.txt
Save both reports to your desktop.
The instructions here ask you to attach the Attach.txt.
Instead of attaching, please copy/past both logs into your next reply.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE
Step 6
Download Security Check by screen317 from HERE or HERE. Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. Press any key when asked. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Why have you not updated to Service Pack 3 (SP3) Your system will be vulnerable without it, also MS will withdraw support for systems without it sometime July this year (no more updates)
On Step 2, I removed the Celebrity Toolbar. However, I was unable to remove MyWaySA. I received a message stating "Error loading... The specified module could not be found."
I went to to Step 3 to download CCleaner. However, I am unable to download this. The message "not a valid Win32 application".
Steps 4 & 5 have not been attemped since Steps 2 & 3 were unable to be completed.
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to ALLOW the changes.Instructions available HERE
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from HERE and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
Step 3
We need to see some additional information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
A small box will open, with an explanation about the tool.
When done, DDS will open two (2) logs 1. DDS.txt 2. Attach.txt
Save both reports to your desktop.
The instructions here ask you to attach the Attach.txt.
Instead of attaching, please copy/past both logs into your next reply.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE
Step 4
Download CKScanner from hereImportant : Save it to your desktop.
Doubleclick CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify that the file is saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
Step 5
Download Security Check by screen317 from HERE or HERE. Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. Press any key when asked. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
kevinf80_1d0ac6
1.1K Posts
0
June 30th, 2010 22:00
Hi earlybirds510
I'm kevinf80 and I will be helping with any issues you may have. Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together.
Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin.
Please proceed as follows :-
Step 1
Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Celebrity Toolbar\tbhelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: MyHeritage New Tab - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll
O18 - Protocol: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll
O20 - Winlogon Notify: javamain - C:\WINDOWS\Web\javamain.dll (file missing)
O24 - Desktop Component 0: (no name) - http://www.pleonast.com/images/weblogs/8/508.jpg
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot your PC
Step 2
From Add/Remove Programs via your control panel uninstall the following if present:
MyWaySA
Celebrity Toolbar
Step 3
Download and scan with CCleaner
1. Starting with v 1.27.26 ( this version no. will differ), CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 24 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
In the Applications Tab:
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done and Re-boot.
Step 4
Double Click mbam-setup.exe to install the application.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Step 5
We need to see some additional information about what is happening in your machine.
Please perform the following scan:
2. Attach.txt
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE
Step 6
Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Why have you not updated to Service Pack 3 (SP3) Your system will be vulnerable without it, also MS will withdraw support for systems without it sometime July this year (no more updates)
What i`d like to see in you reply :-
Kevin
earlybirds510
3 Posts
0
July 4th, 2010 20:00
I was able to complete Step 1 with no problems.
On Step 2, I removed the Celebrity Toolbar. However, I was unable to remove MyWaySA. I received a message stating "Error loading... The specified module could not be found."
I went to to Step 3 to download CCleaner. However, I am unable to download this. The message "not a valid Win32 application".
Steps 4 & 5 have not been attemped since Steps 2 & 3 were unable to be completed.
kevinf80_1d0ac6
1.1K Posts
0
July 5th, 2010 02:00
Hello again earlybirds510,
Yep thats the way to go, if something doesn`t work or your are unsure, stop and ask. Lets try a different cleaner:
Step 1
We need to download and install a system cleaner utility, I recommend ATF Cleaner.
Please download ATF Cleaner by Atribune.
If you use Firefox browser
If you use Opera browser
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
Step 2
Please download Malwarebytes Anti-Malware and save it to your desktop.
Alernative D/L mirror
Alternative D/L mirror
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to ALLOW the changes. Instructions available HERE
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
On the Scanner tab:
Back at the main Scanner screen:
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
Step 3
We need to see some additional information about what is happening in your machine.
Please perform the following scan:
2. Attach.txt
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE
Step 4
Download CKScanner from here Important : Save it to your desktop.
Step 5
Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
What i`d like to see in your reply ;-
Kevin..