Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

iexplore.exe at startup caused adware?


  • Please log in to reply

#16
OldTimer

OldTimer

    Global Moderator

  • Global Moderator
  • 3,273 posts
Hi tomtomj. That's what the scan was for, to tell us where those entries were. It wasn't going to fix them, just find them. That's what we'll do below.

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Manual Scans]
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BM47b7c618 -> RUNDLL32.EXE "C:\WINDOWS\SYSTEM32\CWFEDINR.DLL",S
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\4484f584 -> RUNDLL32.EXE "C:\WINDOWS\SYSTEM32\QHCBROHT.DLL",B
[Extra Files]
C:\WINDOWS\SYSTEM32\CWFEDINR.DLL
C:\WINDOWS\SYSTEM32\QHCBROHT.DLL

The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that information back here.
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
  • 0

Advertisements


#17
tomtomj

tomtomj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Log attached.
TJ

Attached Files


Edited by tomtomj, 07 May 2008 - 03:27 PM.

  • 0

#18
OldTimer

OldTimer

    Global Moderator

  • Global Moderator
  • 3,273 posts
Hi tomtomj. That log is from a scan. Was the fix posted above run? That's the log I need. OTScanIt Short Fix -

The latest OTScanIt fix log (look in the OTScanIt folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run. ) There will probably be multiple logs from the multiple fixes so choose the latest one.

Cheers.

OT
  • 0

#19
tomtomj

tomtomj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
My mistake! Here is the log. Looks good because the rundll errors don't show up anymore.


[Manual Scans]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BM47b7c618 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\4484f584 deleted successfully.
[Extra Files]
< C:\WINDOWS\SYSTEM32\CWFEDINR.DLL >
File/Folder C:\WINDOWS\SYSTEM32\CWFEDINR.DLL not found.
< C:\WINDOWS\SYSTEM32\QHCBROHT.DLL >
File/Folder C:\WINDOWS\SYSTEM32\QHCBROHT.DLL not found.
< End of fix log >
OTScanIt by OldTimer - Version 1.0.12.1 fix logfile created on 05072008_194514
  • 0

#20
OldTimer

OldTimer

    Global Moderator

  • Global Moderator
  • 3,273 posts
Hi tomtomj. Yup, that does look good. That's the rest of the malware stuff we found. Go ahead and run the system normally for a couple of days and then get back with me and let me know if there are any continuing issues. If everything is Ok at that time, then we have some final cleanup to do and you'll be good to go.

Cheers.

OT
  • 0

#21
tomtomj

tomtomj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I'm back! Everything is good with the PC. Thanks.
  • 0

#22
OldTimer

OldTimer

    Global Moderator

  • Global Moderator
  • 3,273 posts
Glad to hear it tomtomj. Now let's do some final cleanup to reset the System Restore points and remove all of the tools we used during the fix and then you are all set.

Step #1

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]
System Restore will now be active again.

Step #2

To remove all of the tools we used and the files and folders they created do the following:

  • Start OTScanIt
    Click the CleanUp button
  • OTScanIt will download a small file from the Internet. If a security program or firewall warns you of this allow it to download.
  • OTScanIt will delete any tools downloaded and files/folders created and then ask you to reboot so it can remove itself. Click Yes.
After that you are good to go.

Cheers and Happy Computing!

OT
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP