Really could use some help!!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by t3hl33t, Oct 1, 2004.

  1. t3hl33t

    t3hl33t Private E-2

    Hello, anyone that is reading this. I have a problem. I have syncroAd and winsync on my computer. I followed the antivirus and trojan removal guide and it helped to clear some more crap off of my computer, but those two things are still here!!! I have HJT and I can post my log when it is requested. I also checked the Add/Remove Programs list, but I found nothing out of the ordinary. I could really use your help on this one, guys, because it slows down my computer by a considerable amount.

    Thanks in advance!!
     
  2. Kodo

    Kodo SNATCHSQUATCH

  3. t3hl33t

    t3hl33t Private E-2

    Here is my log.
     

    Attached Files:

    • hjt.txt (File size: 7.6 KB, Views: 2)
    Last edited by a moderator: Oct 6, 2004
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I don't see any syncroAd and winsync problems! Did you fix them already?

    Make sure you have viewing of hidden files enabled.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.searching-4u.com/search_page.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL (file missing)
    O2 - BHO: (no name) - {598F5021-B221-7CA4-AA66-54783DC15279} - C:\WINDOWS\SYSTEM\CGRJGW.DLL
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKLM\..\Run: [Launcher] "C:\Program Files\KFH\cl\launcher.exe" /P
    O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
    O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\fsg_4104.exe"
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKCU\..\Run: [Trte] C:\WINDOWS\Application Data\ncrp.exe
    O4 - HKCU\..\Run: [Ejrrnrx] C:\WINDOWS\SYSTEM\zpopjkw.exe
    O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v5.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
    O16 - DPF: {3AE9ED90-4B59-47A0-873B-7B71554B3C3E} (JoystickCtl Class) - http://downloads.bigredswitch.co.uk/joystick.cab
    O16 - DPF: {D7795906-E5DE-4324-AD89-B7D680037899} (VacPro.canada_win98) - http://www.advnt01.com/dialer/canada_win98.CAB


    Did you make this restriction below using SpywareBlaster or SpyBot S&D? If not, fix it too!
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    Now boot in safe mode and delete:
    C:\WINDOWS\SYSTEM\CGRJGW.DLL
    C:\PROGRA~1\TEXTBR~1.0 <--- the whole directory (you need to expand the path; this is abbreviated)
    C:\WINDOWS\Application Data\ncrp.exe
    C:\WINDOWS\SYSTEM\zpopjkw.exe

    Now boot in normal mode and post a new HJT log attachment and tell us how things are working.
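
A triage sketch for log lines like the ones listed in the reply above, added here as an example and not part of the original post or of HijackThis itself. The function names and the flagging heuristics (orphaned targets, unnamed browser add-ons, autoruns from temp or Application Data paths) are assumptions chosen for illustration; the sample lines are copied from the post.

```python
import re

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [Name] command"
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Assumed heuristic: autoruns from these directories deserve a manual look.
SUSPECT_DIRS = ("\\temp\\", "\\application data\\")

# Sample input: a few of the lines quoted in the post above.
SAMPLE_LOG = r"""R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL (file missing)
O2 - BHO: (no name) - {598F5021-B221-7CA4-AA66-54783DC15279} - C:\WINDOWS\SYSTEM\CGRJGW.DLL
O4 - HKLM\..\Run: [Launcher] "C:\Program Files\KFH\cl\launcher.exe" /P
O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\fsg_4104.exe"
O4 - HKCU\..\Run: [Trte] C:\WINDOWS\Application Data\ncrp.exe"""

def parse_line(line):
    """Split one log line into (section code, body); None if it is not an entry."""
    m = LINE_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None

def review_reasons(line):
    """Return the reasons a log line deserves a manual look (empty if none)."""
    parsed = parse_line(line)
    if parsed is None:
        return []
    code, body = parsed
    reasons, lowered = [], body.lower()
    if "(file missing)" in lowered or "(no file)" in lowered:
        reasons.append("orphaned entry: target file is gone")
    if code in ("O2", "R3") and "(no name)" in lowered:
        reasons.append("unnamed browser add-on")
    run = RUN_RE.match(body) if code == "O4" else None
    if run:
        cmd = run.group("cmd").strip('"').lower()
        if any(d in cmd for d in SUSPECT_DIRS):
            reasons.append("autorun from a temp or Application Data directory")
    return reasons

def triage(log_text):
    """Return (line, reasons) for every flagged line, in log order."""
    pairs = [(l.strip(), review_reasons(l)) for l in log_text.splitlines()]
    return [(line, reasons) for line, reasons in pairs if reasons]

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print("; ".join(reasons), "->", line)
```

A flag here only marks an entry for review; whether to fix it is still a judgment call made against the full log.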
     
  5. t3hl33t

    t3hl33t Private E-2

    Yeah, I'm pretty sure I got rid of syncroAd and winsync, but there were still more problems. Also, I looked for those 4 files and didn't find a single one :confused: Anyway, here's the new log.
     

    Attached Files:

    • hjt.txt (File size: 5.6 KB, Views: 1)
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your log looks okay now! Any problems?
     
  7. t3hl33t

    t3hl33t Private E-2

    Nope, not that I can see. Thanks a lot, chaslang.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!
     
