Need dire help!


Starayo

Thread Starter
Joined
Jul 9, 2005
Messages
7
Hello all.
I recently discovered that on this computer, there are a number of problems.
SpySheriff, PSGuard, AdwareDelete, CWS.....


I need help on removing them. I have a hijackthis log as follows.
Thanks in advance,
Starayo.

Logfile of HijackThis v1.99.1
Scan saved at 6:26:17 AM, on 10/07/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\kernels32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\AdwareDelete\adwaredelete.exe
C:\Program Files\AdwareDelete\adwaredelete.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\cmos\taos.exe
C:\WINNT\system32\??stem\chkdsk.exe
C:\WINNT\system32\vxgame4.exe
C:\WINNT\system32\vxgame6.exe
C:\WINNT\system32\vxgame4.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINNT\system32\down1.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\system32\kernels32.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [AdwareDelete] C:\Program Files\AdwareDelete\adwaredelete.exe /h
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINNT\System\svchost.exe /s
O4 - HKLM\..\Run: [System] C:\WINNT\system32\kernels32.exe
O4 - HKLM\..\Run: [combo.exe] combo.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\pcsync2.exe /NoDialog
O4 - HKCU\..\Run: [Neeo] C:\Program Files\cmos\taos.exe
O4 - HKCU\..\Run: [Auy] C:\WINNT\system32\??stem\chkdsk.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {84818113-96C5-11D2-BE39-006008BF4DD5} (ViewDirector Object) - http://subscribers.scotlandspeople.gov.uk/php/globals/tif_viewer/activex/viewdw32.ocx
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader_sp1/imloader.cab
O16 - DPF: {FCC56E79-0FA2-4969-9164-06F140763455} (ActiveFormX Control) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{65FFF57B-CA56-40B3-8F14-5EC843B67AF4}: NameServer = 203.49.93.1,198.142.0.51
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
 
Joined
Jul 26, 2002
Messages
46,349
Hi Starayo

Welcome to TSG! :)

** Before you proceed with the removal directions below you need to turn off MS Anti-Spyware's realtime protection as it will interfere with the changes we are trying to make.

  • Open MS Anti-Spyware and click on Options > Settings.
  • Click on "Realtime Protection" in the left pane.
  • Remove the check by these:
    • Enable the Microsoft Security Agents on startup (recommended)
    • Enable real-time spyware threat protection (recommended)
  • Click "Save"
  • Now right click the MS Anti-spyware icon in your system tray and choose "Shutdown Microsoft Anti-Spyware"
  • You should re-enable these when we are finished here.


* Click here to download smitRem.zip.
  • Save the file to your desktop.
  • Unzip smitRem.zip to extract the files it contains.
  • Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.


* Go here to download CCleaner.
  • Install CCleaner
  • Launch CCleaner and look in the upper right corner and click on the "Options" button.
  • Click "Advanced" and remove the check by "Only delete files in Windows temp folders older than 48 hours".
  • Click OK
  • Do not run CCleaner yet. You will run it later in safe mode.


* Download the trial version of Ewido Security Suite here.
  • Install ewido.
  • During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido
  • It will prompt you to update; click the OK button and it will go to the main screen
  • On the left side of the main screen click update
  • Click on Start and let it update.
  • DO NOT run a scan yet. You will do that later in safe mode.


* Click Here and download Killbox and save it to your desktop.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Click on My Computer then click Tools > Folder Options. In Folder options click on the View tab. Under Files and Folders tick "Show hidden files and folders" then uncheck "Hide file extensions for known file types" and uncheck "Hide protected operating system files (recommended)". Now click "Like current folder" then "Apply" and "OK"


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Run HijackThis again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm

F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\system32\kernels32.exe

O4 - HKLM\..\Run: [AdwareDelete] C:\Program Files\AdwareDelete\adwaredelete.exe /h

O4 - HKLM\..\Run: [WindowsUpdate] C:\WINNT\System\svchost.exe /s

O4 - HKLM\..\Run: [System] C:\WINNT\system32\kernels32.exe

O4 - HKLM\..\Run: [combo.exe] combo.exe

O4 - HKCU\..\Run: [Neeo] C:\Program Files\cmos\taos.exe

O4 - HKCU\..\Run: [Auy] C:\WINNT\system32\??stem\chkdsk.exe




* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.


* Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\Program Files\cmos\taos.exe

C:\WINNT\system32\System\chkdsk.exe

C:\WINNT\system32\vxgame4.exe

C:\WINNT\system32\vxgame6.exe

C:\WINNT\system32\vxgame4.exe

C:\WINNT\system32\down1.exe

C:\WINNT\System\svchost.exe

C:\WINNT\System32\combo.exe

C:\WINNT\system32\kernels32.exe


Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

Exit the Killbox.


* Delete these folders:

C:\Program Files\cmos
C:\WINNT\system32\system


* Run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop


* Start CCleaner and click Run Cleaner


* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


* Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.


* Restart back into Windows normally now.


* Run ActiveScan online virus scan here

When the scan is finished, have it delete anything that it cannot clean. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!

Post a new HijackThis log along with the results from ActiveScan and the ewido scan
 

Starayo

Thread Starter
Joined
Jul 9, 2005
Messages
7
Thank you for the help so far.
Here are my latest logs:


HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 7:31:29 PM, on 10/07/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINNT\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\system32\kernels32.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AdwareDelete] C:\Program Files\AdwareDelete\adwaredelete.exe /h
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\pcsync2.exe /NoDialog
O4 - HKCU\..\Run: [Neeo] C:\Program Files\cmos\taos.exe
O4 - HKCU\..\Run: [Auy] C:\WINNT\system32\??stem\chkdsk.exe
O4 - HKCU\..\Run: [wupd] C:\WINNT\system32\win32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {84818113-96C5-11D2-BE39-006008BF4DD5} (ViewDirector Object) - http://subscribers.scotlandspeople.gov.uk/php/globals/tif_viewer/activex/viewdw32.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader_sp1/imloader.cab
O16 - DPF: {FCC56E79-0FA2-4969-9164-06F140763455} (ActiveFormX Control) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{65FFF57B-CA56-40B3-8F14-5EC843B67AF4}: NameServer = 203.49.93.1,198.142.0.51
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
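
Added example, not part of either poster's messages: a small Python check that compares the "Fix checked" list from the removal instructions against the first and second HijackThis logs, reporting which flagged autostart entries are still present and which entries are new. The three inputs are the R, F and O4 lines copied from the posts above; the function names are this example's own.

```python
import re

# All three inputs are copied from the posts above (R, F and O4 lines only).
FIX_LIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\system32\kernels32.exe
O4 - HKLM\..\Run: [AdwareDelete] C:\Program Files\AdwareDelete\adwaredelete.exe /h
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINNT\System\svchost.exe /s
O4 - HKLM\..\Run: [System] C:\WINNT\system32\kernels32.exe
O4 - HKLM\..\Run: [combo.exe] combo.exe
O4 - HKCU\..\Run: [Neeo] C:\Program Files\cmos\taos.exe
O4 - HKCU\..\Run: [Auy] C:\WINNT\system32\??stem\chkdsk.exe
"""
# First log (6:26:17 AM).
BEFORE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\system32\kernels32.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [AdwareDelete] C:\Program Files\AdwareDelete\adwaredelete.exe /h
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINNT\System\svchost.exe /s
O4 - HKLM\..\Run: [System] C:\WINNT\system32\kernels32.exe
O4 - HKLM\..\Run: [combo.exe] combo.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\pcsync2.exe /NoDialog
O4 - HKCU\..\Run: [Neeo] C:\Program Files\cmos\taos.exe
O4 - HKCU\..\Run: [Auy] C:\WINNT\system32\??stem\chkdsk.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
"""
# Second log (7:31:29 PM).
AFTER = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\system32\kernels32.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AdwareDelete] C:\Program Files\AdwareDelete\adwaredelete.exe /h
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\pcsync2.exe /NoDialog
O4 - HKCU\..\Run: [Neeo] C:\Program Files\cmos\taos.exe
O4 - HKCU\..\Run: [Auy] C:\WINNT\system32\??stem\chkdsk.exe
O4 - HKCU\..\Run: [wupd] C:\WINNT\system32\win32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
"""

# A HijackThis entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the entries of a HijackThis log as ordered (section, body) tuples."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries

def review(fix_text, before_text, after_text):
    """Split the fix list into still-present/removed and list entries new in the later log."""
    fix, before, after = (parse_entries(t) for t in (fix_text, before_text, after_text))
    return {
        "still_present": [e for e in fix if e in after],
        "removed": [e for e in fix if e not in after],
        "new": [e for e in after if e not in before],
    }

def label(entry):
    """Short label: the [name] of an O4 Run value, otherwise the section code."""
    m = re.search(r"\[([^\]]+)\]", entry[1])
    return m.group(1) if m else entry[0]

if __name__ == "__main__":
    for bucket, entries in review(FIX_LIST, BEFORE, AFTER).items():
        print(bucket, [label(e) for e in entries])
```

Entries that show up under "still_present" or "new" are the ones to raise in the next round of cleanup, since a matching line means the registry value survived the fix or was written again afterwards.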
 

Starayo

Thread Starter
Joined
Jul 9, 2005
Messages
7
Ewido:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:16:15 PM, 10/07/2005
+ Report-Checksum: 7C0FCA2C

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{B75F75B8-93F3-429D-FF34-660B206D897A} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501} -> Spyware.SimpleBar : Cleaned with backup
HKLM\SOFTWARE\ClickSpring -> Spyware.PurityScan : Cleaned with backup
HKU\S-1-5-21-1123561945-1935655697-1708537768-1000\Software\Classes\CLSID\{0656A137-B161-CADD-9777-E37A75727E78} -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-1123561945-1935655697-1708537768-1000_Classes\CLSID\{0656A137-B161-CADD-9777-E37A75727E78} -> Dialer.Generic : Cleaned with backup
C:\Program Files\Netscape\Communicator\Program\Plugins\NPMySrch.dll -> Spyware.MyWay : Cleaned with backup
C:\Program Files\Grisoft\AVG Free\avgemc.exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\Program Files\Hewlett-Packard\Memories Disc\hpodlog.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\A795A7A7-7C1A-4C51-8D5C-1EFFBD\49EF5BB0-CD2B-400A-9C27-46666D -> Adware.SaveNow : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\A795A7A7-7C1A-4C51-8D5C-1EFFBD\E0A5205D-2279-4E0E-B6A6-6037AC -> Adware.SaveNow : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\A795A7A7-7C1A-4C51-8D5C-1EFFBD\694C7923-0B36-4029-9ED5-297B60 -> Adware.SaveNow : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E069519C-7321-4F42-805E-118ECA\88F87A4F-491B-4D2C-A939-64A441 -> Spyware.MediaTickets : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\F90DB215-A742-4EBD-AC86-983A7B\074776A4-F4B7-4DA3-8AD9-A138E7 -> Spyware.MediaTickets : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\9DFBDECC-B715-4EDE-BAD3-E32E8E\A33CC58E-6840-45EA-89F6-0C866A -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\9DFBDECC-B715-4EDE-BAD3-E32E8E\20594A7B-CAF4-4EE1-8C4B-253491 -> Spyware.MyWebSearch : Cleaned with backup
C:\!Submit\vxgame4.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\!Submit\svchost.exe -> Backdoor.Agent.iw : Cleaned with backup
C:\!Submit\kernels32.exe -> TrojanDownloader.Small.agq : Cleaned with backup
C:\WINNT\system32\latest.exe -> Trojan.Crypt.c : Cleaned with backup
C:\WINNT\system32\~update.exe -> Trojan.Crypt.c : Cleaned with backup
C:\WINNT\system32\jcsrfvri.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINNT\system32\win32.exe -> Trojan.Crypt.c : Cleaned with backup
C:\WINNT\system32\vxgame2.exe -> Trojan.Crypt.c : Cleaned with backup
C:\WINNT\system32\flsmngr.dll -> Spyware.Searcher : Cleaned with backup
C:\WINNT\system32\vxgamet2.exe -> Trojan.LowZones.y : Cleaned with backup
C:\WINNT\system32\vxh8jkdq5.exe -> TrojanDownloader.Small.awa : Cleaned with backup
C:\WINNT\system32\maxd1.exe -> Dialer.Generic : Cleaned with backup
C:\WINNT\system32\vxgame3.exe -> TrojanDownloader.Agent.ho : Cleaned with backup
C:\WINNT\system32\vxh8jkdq6.exe -> TrojanDownloader.Small.aux : Cleaned with backup
C:\WINNT\system32\init32m.exe -> TrojanDownloader.Agent.ho : Cleaned with backup
C:\WINNT\system32\down0.exe/ntcomm.exe -> Backdoor.Cl4 : Cleaned with backup
C:\WINNT\system32\vxh8jkdq7.exe -> TrojanDownloader.Small.atl : Cleaned with backup
C:\WINNT\system\svchosthook.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\WINNT\Downloaded Program Files\win32.exe -> TrojanDownloader.Small.agq : Cleaned with backup
C:\WINNT\NDNuninstall6_30.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINNT\syscab\unicodbag.txt -> Worm.Randon.i : Cleaned with backup
C:\Documents and Settings\barry\Cookies\[email protected][3].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\barry\Cookies\[email protected][5].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\barry\Cookies\[email protected][5].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\barry\Cookies\[email protected][3].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\barry\Cookies\[email protected][4].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\barry\Cookies\[email protected][5].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\barry\Cookies\[email protected][5].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\barry\Cookies\[email protected][1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\barry\Cookies\[email protected][1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\barry\Cookies\[email protected][4].txt -> Spyware.Cookie.Spylog : Cleaned with backup
C:\Documents and Settings\barry\Cookies\[email protected][2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup


::Report End
 

Starayo

Thread Starter
Joined
Jul 9, 2005
Messages
7
I have attached the ActiveScan log as it is too long to fit in a reply.

I hope that you'll scan it well before opening it. I'm not very trustful of this computer now.


Thanks! I'm just working on removing AdwareDelete now. I've dealt with that one before, so it won't be much of a problem
 

Joined
Jul 26, 2002
Messages
46,349
You still have all the same entries in your Hijack This log as you had before. I suspect that is because you did not turn off MS-Antispyware as I suggested. It is either that or when you turned it back on, it alerted you to the changes you had made and then you told it to block them. The changes must be allowed. Not knowing for sure if that is the case, I am going to have to have you repeat everything.

IMPORTANT!: Before you proceed with the removal directions below you need to turn off MS Anti-Spyware's realtime protection as it will interfere with the changes we are trying to make.

  • Open MS Anti-Spyware and click on Options > Settings.
  • Click on "Realtime Protection" in the left pane.
  • Remove the check by these:
    • Enable the Microsoft Security Agents on startup (recommended)
    • Enable real-time spyware threat protection (recommended)
  • Click "Save"
  • Now right click the MS Anti-spyware icon in your system tray and choose "Shutdown Microsoft Anti-Spyware"
  • You should re-enable these when we are finished here.
  • When you do turn it back on, it will alert you to changes and you must remember that those are changes you made and you must allow the changes.



* Download DelDomains.inf from here.

Right-click DelDomains.inf and choose install.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Click on My Computer then click Tools > Folder Options. In Folder options click on the View tab. Under Files and Folders tick "Show hidden files and folders" then uncheck "Hide file extensions for known file types" and uncheck "Hide protected operating system files (recommended)". Now click "Like current folder" then "Apply" and "OK"


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\system32\kernels32.exe

O4 - HKLM\..\Run: [AdwareDelete] C:\Program Files\AdwareDelete\adwaredelete.exe /h

O4 - HKCU\..\Run: [Neeo] C:\Program Files\cmos\taos.exe

O4 - HKCU\..\Run: [Auy] C:\WINNT\system32\??stem\chkdsk.exe

O4 - HKCU\..\Run: [wupd] C:\WINNT\system32\win32.exe




* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.


* Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\Program Files\cmos\taos.exe

C:\WINNT\system32\System\chkdsk.exe

C:\WINNT\system32\vxgame4.exe

C:\WINNT\system32\vxgame6.exe

C:\WINNT\system32\oleadm.dll

C:\WINNT\system32\vx.tll

C:\WINNT\system32\vxh8jkdq2.exe

C:\WINNT\system32\ztoolbar.xml

C:\WINNT\system32\ztoolbar.bmp

C:\WINNT\system32\ztoolb003.dll

C:\WINNT\system32\Shex.exe

C:\WINNT\zsettings.dll

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\G1A3GLAF\loadppc[1].exe

C:\Documents and Settings\Administrator\Local Settings\Temp\vx6.game

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\JM4V7VXU\vxxv[1].php

C:\Program Files\AdwareDelete\adwaredelete.exe

C:\WINNT\system32\vxgame4.exe

C:\WINNT\system32\down1.exe

C:\WINNT\System\svchost.exe

C:\WINNT\System32\combo.exe

C:\WINNT\system32\kernels32.exe


Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

Exit the Killbox.


* Delete these folders:

C:\Program Files\AdwareDelete
C:\Program Files\cmos
C:\WINNT\system32\system


* Delete these folders from your favorites:

Security
Sports
Leisure
Pharmacy
Security



* Run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop


* Start Ccleaner and click Run Cleaner


* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


* Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.


* Restart back into Windows normally now.


* Go here and do an online virus scan. Choose "Complete Scan" and select all drives to scan.

When the scan is finished, have it delete anything that it cannot clean. Click "Print Report". The report will open in your browser. Go to File > Save As and save the file to your desktop. Under "Save as type" click the dropdown menu and choose "Text file (*.txt)" and save it as a text file.

Post a new HiJackThis log along with the report from the Housecall scan and the ewido scan.
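
An added example (not part of the original posts, and not code from HijackThis or any tool named here): a small triage script that parses the F2 and O4 entries listed in the reply above and reports the ones that trip simple masquerading checks. The function names, the `SYSTEM_BINARIES` set and the heuristics are assumptions made for illustration; entries that come back with no reasons still need the manual review the reply gives them.

```python
import ntpath
import re

# The five entries the reply above asks to be fixed, copied verbatim from the thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\system32\kernels32.exe
O4 - HKLM\..\Run: [AdwareDelete] C:\Program Files\AdwareDelete\adwaredelete.exe /h
O4 - HKCU\..\Run: [Neeo] C:\Program Files\cmos\taos.exe
O4 - HKCU\..\Run: [Auy] C:\WINNT\system32\??stem\chkdsk.exe
O4 - HKCU\..\Run: [wupd] C:\WINNT\system32\win32.exe
"""

# Assumptions: system folder as seen in this log, and a short illustrative
# list of Windows binaries that belong directly in that folder.
SYSTEM32 = r"c:\winnt\system32"
SYSTEM_BINARIES = {"chkdsk.exe", "svchost.exe", "lsass.exe", "services.exe"}

F2_SHELL = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<value>.+)$")
O4_RUN = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_PATH = re.compile(r"^(?P<path>.+?\.exe)\b", re.IGNORECASE)

def check_run_command(cmd):
    """Return the reasons (possibly none) a Run command looks like masquerading."""
    m = EXE_PATH.match(cmd)
    path = (m.group("path") if m else cmd).lower()
    folder, exe = ntpath.split(path)
    reasons = []
    if "?" in path:
        reasons.append("path contains characters the log could not render")
    if exe in SYSTEM_BINARIES and folder != SYSTEM32:
        reasons.append(f"{exe} is a system binary name outside {SYSTEM32}")
    return reasons

def triage(log_text):
    """Parse F2 Shell and O4 Run lines; return a list of (label, reasons)."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        shell, run = F2_SHELL.match(line), O4_RUN.match(line)
        if shell:
            # The default Shell value is Explorer.exe alone; anything after it also starts at logon.
            extra = shell.group("value").split(None, 1)[1:]
            findings.append(("Shell", [f"Shell also launches {e}" for e in extra]))
        elif run:
            findings.append((run.group("name"), check_run_command(run.group("cmd"))))
    return findings

if __name__ == "__main__":
    for label, reasons in triage(SAMPLE_LOG):
        print(label, "->", reasons or "no heuristic hit, review manually")
```
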
 