AndyManchesta
Hi Paul. Yeah, it may take a few tries but it should be
a lot easier now I can see the log. There are some other
problems showing which we need to clean up.
Your Internet Protocol Defaults could be missing: O15 -
ProtocolDefaults: 'http' entries in Hijack This. The other
is a hijack, O15 *.slotchbar.com (means they are now in
your trusted sites list and can download things without
your consent). If the Protocol lines keep coming back you
can go to Windows Updates and reinstall the latest version.
Please copy this page to Notepad. You should not have any
open browsers when you are following the procedures below.
Go to My Computer->Tools/View->Folder Options->View tab
and make sure that 'Show hidden files and folders'
(or 'Show all files') is enabled. Also make sure
that 'Display the contents of system folders' is checked.
Windows XP's search feature is a little different. When
you click on 'All files and folders' on the left pane,
click on the 'More advanced options' at the bottom. Make
sure that Search system folders, Search hidden files and
folders, and Search subfolders are checked.
Check Add/Remove Programs screen for :
Weatherbug
Do not uninstall WeatherBug if you value the service that
it offers and can accept the advertisements. WeatherBug is
not spyware, however it is adware. It doesn't monitor,
or 'spy', but is considered adware since its free version
is ad-supported.
Download Deldomains
http://www.greyknight17.com/spy/DelO15Domains.inf
and choose Save As. Save it to your desktop.
Download Ccleaner:
http://download.ccleaner.com/download119bin.asp
Download Hoster
http://xsorbit26.com/users5/andymanchesta/index.php?action=dlattach;topic=2654.0;id=285
Run hijack and tick all these entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdocpl.dll/blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpl.dll/asst.htm
O2 - BHO: (no name) - {96F60C36-6DEB-499A-8CB0-2522247758C1} - C:\WINDOWS\System32\nljpnf.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
**NOTE the above line isn't malicious, it's an updater that
searches for updates for RealPlayer. It's owned by a third
party and it's not needed; you can manually update
RealPlayer whenever you want, so removing this startup entry
is really up to you.
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
This is NOT the browser plug-in, and it is NOT required
to play QuickTime files at all! Remove it to avoid the
file from loading on boot, unfortunately installed with
QuickTime. The program eats more than 2 MB of RAM and it
does nothing useful, but up to you again if you want to
fix it.
Carry on ticking these for fixing:
O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut.exe home
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {10000001-1001-1001-1000-000000000000} - file://C:\WINDOWS\ziphelp.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
**NOTE only fix the above if you want to uninstall WeatherBug
O23 - Service: WinPPPoverEthernet - Unknown owner - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE (file missing)
With all these ticked make sure all other windows are
closed and press 'Fix Checked'.
Run the DelDomains file you saved:
right click on that file and choose Install. All you will
notice is the desktop icons flash. This has now reset the
security zones. You may delete it afterwards.
Run the Hoster program and choose 'Restore Original Hosts'.
Exit Hoster.
Search for and delete the following files; make sure you
follow the hidden files part at the top first.
C:\WINDOWS\system32\svcnut.exe
C:\WINDOWS\ziphelp.exe
(Delete this folder if you uninstall WeatherBug)
C:\Programfiles\AWS
To clean up, download and run CCleaner on all 3 settings
(Windows, Applications & Issues) and delete anything found.
Then open an internet window, go to Tools then Internet
Options. When this opens go to the Programs tab and choose
Reset Web Settings. Then back to the General tab and
make sure the homepage you want is entered in the address
bar.
Run an online scan at any of these sites:
Trend Micro http://housecall.antivirus.com/
Panda http://www.pandasoftware.com/activescan/
Bitdefender http://www.bitdefender.com/scan/Msie/index.php
Hopefully this will kill it, but post back another log. You
may have to do the Hijack This fixes in safe mode (keep
tapping F8 on reboot and choose safe mode).
If the problem isn't solved, repost a new log but use these
first:
Ewido Security Suite:
http://download.ewido.net/ewido-setup.exe
Find It's
http://forums.net-integration.net/index.php?act=Attach&type=post&id=142443
Also visit Windows Updates and make sure all your
security patches are up to date:
http://v4.windowsupdate.microsoft.com/en/default.asp
If you have any problems or need more help just let me
know.
Regards Andy
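
Added example, not part of Andy's post or of HijackThis itself: a small triage script that flags the entry types the post treats as signs of a hijack (Trusted Zone additions, changed ProtocolDefaults, ActiveX installed from a local file://, and orphaned "(file missing)" entries). The finding labels and function names are made up for this illustration, and the sample log is constructed from lines quoted in the post, rejoined one entry per line.

```python
import re

# Constructed sample: entries quoted in the post, rejoined one per line.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {96F60C36-6DEB-499A-8CB0-2522247758C1} - C:\WINDOWS\System32\nljpnf.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut.exe home
O15 - Trusted Zone: *.slotchbar.com
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {10000001-1001-1001-1000-000000000000} - file://C:\WINDOWS\ziphelp.exe
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
"""

# HijackThis entries start with a section code such as R0, O4 or O15.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

def classify(line):
    """Return (code, findings) for one entry, or None if the line is not an entry.

    The finding labels are hypothetical names chosen for this example.
    """
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m["code"], m["body"]
    findings = []
    if code == "O15" and body.startswith("Trusted Zone:"):
        findings.append("trusted-zone-site")        # site can install without prompts
    if code == "O15" and body.startswith("ProtocolDefaults:"):
        findings.append("protocol-zone-changed")    # http mapped to the wrong zone
    if code == "O16" and " - file://" in body.lower():
        findings.append("activex-from-local-file")  # control installed from disk
    if body.endswith("(file missing)"):
        findings.append("target-file-missing")      # leftover registry entry
    return code, findings

def triage(log_text):
    """Return (code, findings, line) for every entry with at least one finding."""
    flagged = []
    for line in log_text.splitlines():
        result = classify(line)
        if result and result[1]:
            flagged.append((result[0], result[1], line.strip()))
    return flagged

if __name__ == "__main__":
    for code, findings, line in triage(SAMPLE_LOG):
        print(code, ",".join(findings), "|", line)
```

O4 Run entries are deliberately not flagged: the line format alone does not separate the QuickTime updater from the svcnut.exe entry, so those still need manual review.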