-
..noo... the pop up is there...should I run a spybot scan?
-
Yes, run spybot. Are you hooked up to a router?
-
I was but I disconnected it when you asked.
-
Hey Ken:
Looks like it's gone!
What could that pop up be?
Here are the results:
MeMedia.AdVantage: [SBI $C67BB47E] Autorun settings (AdVantage) (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1868238242-3347771443-3143855081-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdVantage
MyWay.MyWebSearch: [SBI $CD97DE2F] Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}
QiwangC.RegistryEasy: [SBI $2783F7C9] Configuration file (File, nothing done)
C:\WINDOWS\Tasks\Schedule Task Weekly.job
Properties.size=400
Properties.md5=775735E9232B12DE03C8C89AEBC68CE9
Properties.filedate=1300896000
Properties.filedatetext=2011-03-23 12:00:00
Marketscore.RelevantKnowledge: [SBI $396355C7] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Documents and Settings\isabella\Local Settings\Temp\~os1E.tmp\rlvknlg.exe
Marketscore.RelevantKnowledge: [SBI $396355C7] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Documents and Settings\isabella\Local Settings\Temp\~os31.tmp\rlvknlg.exe
Marketscore.RelevantKnowledge: [SBI $396355C7] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\c:\program files\relevantknowledge\rlvknlg.exe
Marketscore.RelevantKnowledge: [SBI $59D12274] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Documents and Settings\isabella\Local Settings\Temp\~os1E.tmp\rlvknlg.exe
Marketscore.RelevantKnowledge: [SBI $59D12274] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Documents and Settings\isabella\Local Settings\Temp\~os31.tmp\rlvknlg.exe
Marketscore.RelevantKnowledge: [SBI $59D12274] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\c:\program files\relevantknowledge\rlvknlg.exe
Error during check!: Win32.TDSS.rtk [946 - $5FE08CC5] (Invalid pointer operation) (Status)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
-
Hi,
You need to run Spybot again and have it remove all that it found; that stuff needs to go.
This is where we are at. That bad banking site is in your DNS Cache but OTL is not flushing it out
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
Rogers Online Protection may be preventing this, so we are going to temporarily disable it.
Go to Start > Run and type in msconfig > Enter, go to the Startup tab, uncheck Rogers Online Protection and OK your way out. After you run this batch file you can do the same thing, but put the checkmark back in to enable it.
Copy and paste these lines into Windows Notepad.
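@Echo on
rem Reset the HOSTS file to a single localhost entry
pushd %SystemRoot%\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Renew the DHCP lease and flush the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and TCP/IP settings
netsh winsock reset all
netsh int ip reset all
rem Schedule a reboot in 1 second and delete this batch file
shutdown -r -t 1
del "%~f0"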
Save as flush.bat to your desktop. Double click to run.
*** note: Win Vista and Win 7 need to right click and choose to "run as Administrator" .. the computer will reboot itself.
Let me know how it went
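Added example, not part of ken545's post: the batch file above overwrites HOSTS with a single localhost line, so whatever was in the file before is gone afterwards. This Python sketch (function names and the sample hosts text are constructed for illustration) classifies each mapping before the reset, separating blocklist-style loopback entries from names forced to some other address.

```python
import ipaddress

# Constructed sample hosts content, not taken from the thread.
SAMPLE = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       ads.example.net      # blocklist-style entry
203.0.113.10    bank.example.com www.bank.example.com
not-an-ip       broken.example
"""

def audit_hosts(text):
    """Return (line, kind, address, name) for every mapping in a hosts file."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((lineno, "malformed", fields[0], ""))
            continue
        if len(fields) < 2:                      # address with no host name
            findings.append((lineno, "malformed", str(addr), ""))
            continue
        for name in fields[1:]:
            name = name.lower()
            if name == "localhost" and addr.is_loopback:
                kind = "baseline"                # what the reset leaves behind
            elif addr.is_loopback or addr.is_unspecified:
                kind = "sinkhole"                # name blocked locally
            else:
                kind = "redirect"                # name forced to a chosen address
            findings.append((lineno, kind, str(addr), name))
    return findings

def redirected_names(text):
    """Host names that resolve to a non-loopback address via the hosts file."""
    return [name for _, kind, _, name in audit_hosts(text) if kind == "redirect"]

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

On the machine itself, the text passed in would be the contents of %SystemRoot%\system32\drivers\etc\hosts, read before running flush.bat.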
-
Hello Ken.
I don't see Rogers Protection under startup - it is under services, is that the one I'm turning off? Also, should I turn off TeaTimer? I noticed it was there in the startup menu.
And...you lost me on the second part...starting with the words copy to the notepad..lol How do I do that?
Thanks!
-
Hey, me again..so I figured out how to run it so please ignore my previous post.
It said the same message, it was not able to remove it.
I am hooked up to the router again, would that make a difference?
-
You did just fine,
Go to Start > Run and type in services.msc > Enter, then look for DNS Client, right click on it and select STOP, then OK your way out. Now try running that script that you did in my previous post.
Last edited by ken545; 2011-04-24 at 03:24.
-
I did that, however when I right click on DNS Client the option to stop is not highlighted, it says it is disabled.
-
Let's try enabling it to Start Automatically.