HijackThis Log: Please help diagnose
bobbydee:
Good afternoon. I'm not too sure I can get through all of this. To begin with, I downloaded OTMoveIt2 and all I got was mixed up letters and symbols. Said something about the program has to be run under Win32.
Also, I only have Avast anti virus 4.7 home edition. If I stop avast on-line protection, will that also disable script blocking?
Do all of your instructions in your last post have to be done all at the same time, or can I stop at an appropriate point? I'm not trying to be difficult, but I'm by no means a computer whiz. Thanks
oldman:
Do the HJT fix and the uninstalls. Skip OTMOVEIT2 for now. Run combofix.

Just stop avast's standard shield (script blocker is available only if you have the Pro version), and restart it after combofix has given you the log.


Just do them in order, you're probably looking at 30 min or less.
bobbydee:
On the HJT report:
04-HKLM Run Ebates - Not Shown
09-Extra button: Ebates - Not Shown
However, 08 Extra content-menu item-Ebates,etc. was shown if this means anything.
Also, I could not remove:
My Search Bar
Search Assistant-My search
Ebates Moe Money Maker
bobbydee:
Combofix Log
oldman:
Starting to shape up. You can delete OTMOVEIT2, that error usually indicates a corrupted download.

Combofix got myweb for you along with some other stuff.

Open HJT, run a system scan only, and check mark these lines if present:

O4 - HKCU\..\Run: [Usrr] C:\Documents and Settings\Robert Dombroski\Application Data\rncr.exe
O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\System32\NDrv.exe
O8 - Extra context menu item: Ebates - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm
O9 - Extra button: Acez.com - Download Free Screen Savers - {88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - C:\WINDOWS\acezlink.htm
O22 - SharedTaskScheduler: Component Categories cache daemon preloader - {6B4F2BE7-D4C4-43CE-A7DD-8F1DB92BA570} - C:\WINDOWS\system32\browseuidw.dll

Close all other browsers/windows, click fix, close HJT.



Please follow all previous instructions regarding security programs.


Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled.

Copy and paste all the text in the quote box below into Notepad.

Click File, Save as..., set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt". Using your left mouse button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown at the bottom of this post.



--- Quote ---
File::
C:\Documents and Settings\Robert Dombroski\Application Data\rncr.exe
C:\WINDOWS\System32\NDrv.exe
C:\WINDOWS\acezlink.htm

--- End quote ---


This will start ComboFix again. Close all browsers/windows first. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HJT log.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**



Please submit these files for analysis.

To submit a file to VirusTotal, please click on this link:

www.virustotal.com

Copy and paste the following into the upload a file box (one at a time if more than one file is listed):

C:\info.exe

Scroll down a bit and click "send file", wait for the results and post them in your next reply.


I need to see the contents of a file, so I will get you to create a batch file.


Open a new notepad and copy and paste the following into it:


copy C:\system.bat look.txt
start look.txt


Click File, Save as. Set it to save to the desktop, and enter (including quotation marks) as the filename: "get.bat", then click OK. You should have a file on your desktop with the icon shown at the bottom of this post.

Double click it and a notepad will appear. Save it to your desktop. Do not post it. When we are online at the same time, I will unhide my email address and you can send it to me. Either that, or after you make 7 more posts I can PM you my address.

Combofix log, HJT log, and the virustotal results please.

Thanks
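
An added example, not part of the original posts and not code from HijackThis or ComboFix: a small Python parser for the HJT entry lines and the CFScript `File::` block quoted in the post above, reporting which files referenced by the selected entries are not named in the script. The function names are hypothetical, and treating any line ending in `::` as the start of a new script section is an assumption.

```python
import re

# The five entries and the File:: block, copied from the post above.
HJT_LINES = r"""
O4 - HKCU\..\Run: [Usrr] C:\Documents and Settings\Robert Dombroski\Application Data\rncr.exe
O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\System32\NDrv.exe
O8 - Extra context menu item: Ebates - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm
O9 - Extra button: Acez.com - Download Free Screen Savers - {88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - C:\WINDOWS\acezlink.htm
O22 - SharedTaskScheduler: Component Categories cache daemon preloader - {6B4F2BE7-D4C4-43CE-A7DD-8F1DB92BA570} - C:\WINDOWS\system32\browseuidw.dll
""".strip().splitlines()
CFSCRIPT = r"""File::
C:\Documents and Settings\Robert Dombroski\Application Data\rncr.exe
C:\WINDOWS\System32\NDrv.exe
C:\WINDOWS\acezlink.htm
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"(?:file://)?([A-Za-z]:\\.+)$")  # drive-letter path at end of line

def parse_hjt_line(line):
    """Split one 'O<n> - ...' entry into section code, CLSID and file path."""
    m = re.match(r"^(O\d+) - (.+)$", line.strip())
    if not m:
        return None
    section, rest = m.groups()
    clsid, path = CLSID_RE.search(rest), PATH_RE.search(rest)
    return {"section": section,
            "clsid": clsid.group(0) if clsid else None,
            "path": path.group(1) if path else None}

def cfscript_files(text):
    """Return the paths listed under the File:: heading of a CFScript."""
    files, active = [], False
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith("::"):       # assumption: any 'Name::' line opens a section
            active = (line == "File::")
        elif active and line:
            files.append(line)
    return files

def not_in_script(hjt_lines, script_text):
    """Paths referenced by HJT entries but absent from the File:: block."""
    listed = {p.lower() for p in cfscript_files(script_text)}  # Windows paths: ignore case
    records = filter(None, map(parse_hjt_line, hjt_lines))
    return [r["path"] for r in records if r["path"] and r["path"].lower() not in listed]

if __name__ == "__main__":
    for p in not_in_script(HJT_LINES, CFSCRIPT):
        print("referenced by HJT entry, not in File:: block:", p)
```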