Need Help Following sticky thread

Discussion in 'Malware Help (A Specialist Will Reply)' started by Lisa71, Mar 9, 2005.

  1. Lisa71

    Lisa71 Private E-2

    Re: Help needed - Following sticky thread

    Hello,
    Regarding “DO NOT POST UNTIL YOU HAVE READ THIS: How to: Spyware, Trojan And Virus Removal”

    I’ve read and been following this article first before asking for help but I need help with it. I’m scanning with the Trend Micro and it seems to be stalling, says there’s a threat pagefile.sys. I‘ve tried to reset through system properties/performance as well as trying to clean it out by going in through start/run/regedit; neither seems to have worked. I’d appreciate any help I can get, hate to take pc to shop if I don’t have to.
     
  2. tblue

    tblue Corporal

    Re: Help needed - Following sticky thread

    Hi Lisa71,

    You should start your own thread. When you post in other threads it gets confusing. Start your own and I'm sure someone will gladly help you :D
    T.Blue
     
  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Lisa71,

    Make sure you have HijackThis 1.99.1 and follow the guidelines on where to install it and how to post a log as an ATTACHMENT.
    All instructions are covered in the sticky thread
    NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting


    Now post a Hijack This log as an ATTACHMENT to your message (Do NOT copy/paste the log into your post). Please close unnecessary running programs before you run HijackThis. You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc.

    DO NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  4. Lisa71

    Lisa71 Private E-2

    I want to be sure I’m not having a moment. I printed out the “NO HIJACK THIS…..” thread and downloaded Hijackthis. It says to read the before mentioned thread and run through the steps first. I stopped when Trend Micro stalled saying I have the pagefile.sys threat. I’m also back in normal mode. Go ahead and do the Hijack log and take care of the pagefile.sys threat first or continue with the “ DO NOT POST TILL YOU READ THIS…” thread (leaving the Trend Micro for now)?

    P.S. Thank you tblue and bjgarrick, I’ll remember that; I just didn’t want to start another thread on a subject already going.
     
  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Go ahead and post me a current HJT log from normal mode.
     
  6. Lisa71

    Lisa71 Private E-2

    Here it is, thank you.
     

    Attached Files:

  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Do another scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    If you want your homepage to remain turbonet.com then leave this as is.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.turbonet.com/turbonet/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    O4 - HKLM\..\Run: [PAV.EXE] C:\WINDOWS
    O4 - HKLM\..\Run: [DealHelperBrwsr] C:\WINDOWS\dhbrwsr.exe

    O16 - DPF: ConferenceRoom Java Client - http://pix.sexyads.net:8080/java/cr.cab
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/DMO1/Ud3rT0n5.cab
    O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} - http://download.sidestep.com/get/k00719/sb026.cab
    O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/registration/3_0_0_786/sdcregie.cab
    O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
    O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://www.iwon.com/ct/pm2/iwonpm1,0,2,3.cab
    O16 - DPF: {7CA3D0A3-7E2E-4AAB-A75E-FAB8ECA8BD95} (Skilljam Game Player Object) - http://gozing.skilljam.com/ssp/SSP.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.taxsimple.com/TSWeb/msrdp.cab
    O16 - DPF: {9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - http://www.fizzlewizzle.com/installfiles/popblocker.cab
    O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.409881591796875&file=stamps.cab
    O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab


    Again, make sure All Browser Windows are Closed when you Click FIX.


    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

    C:\WINDOWS\PAV.EXE

    C:\WINDOWS\dhbrwsr.exe

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.
    Note: Don't forget to update Spybot S&D by selecting "Search For Updates"


    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Reboot to Normal Windows


    Reset Web Settings & Default Security Settings:


    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.


    To Default Security Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites.


    After you have completed the above, Scan with HijackThis and attach the new log.
     
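An added example, not part of this thread and not HijackThis's own code: a small Python parser for the three line shapes that appear in the log quoted in post 7 (R0/R1 Internet Explorer registry values, O4 Run-key entries and O16 DPF ActiveX downloads). It turns each line into a structured record so a helper can review a log by field rather than by eye, lists the hosts that ActiveX controls were downloaded from, and flags Run entries whose command does not name an executable file (a review heuristic chosen for this example, not a HijackThis rule). The sample lines are copies of lines from the log above.

```python
"""Parse HijackThis-style R0/R1, O4 and O16 log lines into structured records."""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Sample input: lines copied from the log quoted in post 7 of the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.turbonet.com/turbonet/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [PAV.EXE] C:\WINDOWS
O4 - HKLM\..\Run: [DealHelperBrwsr] C:\WINDOWS\dhbrwsr.exe
O16 - DPF: ConferenceRoom Java Client - http://pix.sexyads.net:8080/java/cr.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.taxsimple.com/TSWeb/msrdp.cab
"""


@dataclass
class Entry:
    code: str                         # "R0", "R1", "O4", "O16", or other
    raw: str                          # the original line, kept for reporting
    hive: Optional[str] = None        # R*/O4: HKCU or HKLM
    key: Optional[str] = None         # R*: registry key path; O4: run key
    value_name: Optional[str] = None  # R*: value name; O4: entry name in [...]
    data: Optional[str] = None        # R*: value data; O4: command line
    clsid: Optional[str] = None       # O16: {GUID}, or the plain name when no GUID
    description: Optional[str] = None  # O16: text in parentheses, if any
    url: Optional[str] = None         # O16: download URL


# R0/R1: "<code> - <hive>\<key>,<value> = <data>" (data may be empty)
R_LINE = re.compile(r"^(R[01]) - (HK[A-Z]+)\\(.*?),([^,=]+?) =\s*(.*)$")
# O4: "O4 - <hive>\<key>: [<name>] <command>"
O4_LINE = re.compile(r"^(O4) - (HK[A-Z]+)\\(.*?): \[(.+?)\]\s*(.*)$")
# O16: "O16 - DPF: <{GUID}|name> [(<description>)] - <url>"
O16_LINE = re.compile(r"^(O16) - DPF: (\{[0-9A-Fa-f-]+\}|.+?)(?: \((.*)\))? - (.+)$")
# Extensions that indicate a real program file in a Run command (example heuristic).
EXECUTABLE_EXT = re.compile(r"\.(exe|com|scr|bat|cmd|pif|dll)\b", re.IGNORECASE)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for one log line, or None for blank lines."""
    line = line.strip()
    if not line:
        return None
    m = R_LINE.match(line)
    if m:
        code, hive, key, name, data = m.groups()
        return Entry(code, line, hive=hive, key=key, value_name=name, data=data)
    m = O4_LINE.match(line)
    if m:
        code, hive, key, name, data = m.groups()
        return Entry(code, line, hive=hive, key=key, value_name=name, data=data)
    m = O16_LINE.match(line)
    if m:
        code, clsid, desc, url = m.groups()
        return Entry(code, line, clsid=clsid, description=desc, url=url)
    # Any other section code is kept, but only its code and raw text are recorded.
    return Entry(line.split(" ", 1)[0], line)


def parse_log(text: str) -> list[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def dpf_hosts(entries: list[Entry]) -> list[str]:
    """Sorted, de-duplicated hostnames that O16 ActiveX controls were fetched from."""
    hosts = {urlsplit(e.url).hostname for e in entries if e.code == "O16" and e.url}
    return sorted(h for h in hosts if h)


def run_entries_without_executable(entries: list[Entry]) -> list[Entry]:
    """O4 Run entries whose command names no program file (e.g. a bare directory)."""
    return [e for e in entries
            if e.code == "O4" and not EXECUTABLE_EXT.search(e.data or "")]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in parsed:
        print(e.code, e.hive or e.clsid, e.value_name or e.url, repr(e.data))
    print("ActiveX download hosts:", dpf_hosts(parsed))
    print("Run entries to review:", [e.value_name for e in run_entries_without_executable(parsed)])
```

The two review helpers deliberately return entries rather than verdicts: whether a given host or Run entry is unwanted is still a judgement for whoever reads the log, which is what the thread above shows the helper doing by hand.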
  8. Lisa71

    Lisa71 Private E-2

    Good morning :)
    I actually have about:blank as my homepage, techies at computer shop put it there last time pc was in shop. Don't know if it mattered but I also didn't find Network Security Service, Workstation Netlogin Service or Remote Procedure Call (RPC) Helper when following the "DO NOT POST TILL ...."

    Have a great day all.
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Did you complete all the steps I requested in post # 7 ??
     
  10. Lisa71

    Lisa71 Private E-2

    Good afternoon :) yes sir just got done here's the log.

    Thank You
     

    Attached Files:

  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Log is clean! :)

    Are you currently experiencing any further problems?
     
  12. Lisa71

    Lisa71 Private E-2

    Thank You, Thank You, Thank You, :D :D :D help is very much appreciated. I'll go back to the "DO NOT POST TILL ..." article and finish that up, I'll let you know if there's any more "problems"
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    What's left to finish?

    You should see this article on How to Protect yourself from malware!
     
  14. Lisa71

    Lisa71 Private E-2

    I stopped at the "do an online scan at Trend Micro's Free Online Virus Scan" when it "stalled" saying pagefile.sys threat so there's everything else after that ... wanted to solve one thing at a time. Thanks for the suggestion, reading that link now.
     
  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  16. Lisa71

    Lisa71 Private E-2

    Thanks, got them bookmarked to check out, probably won't finish up till tomorrow; it's Thursday, my dates are coming on tonight, wouldn't want to miss any action lol
     
  17. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Good Luck!

    Browse Safely:)
     
  18. Lisa71

    Lisa71 Private E-2

    Good Day, it all looks good, browser seems to be loading quicker too now. I'm updating right now and think I'll remove the microsoft java and install the sun java when updating is done. Thank you :)
     
  19. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Glad everything is working better:)
     
