tommyfm

Still Waiting for Help

4 posts in this topic

Please help me to free my homepage, it's still hijacked... from weeks ago. Here you have my hijackthis log:

 

 

Logfile of HijackThis v1.97.7

Scan saved at 12:50:45, on 26/06/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ndiqs.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ndiqs.dll/index.html#96676

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.google.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http:\\www.google.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://ndiqs.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ndiqs.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://ndiqs.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ndiqs.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.kissfm.es/webmail

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (disabled by BHODemon)

O2 - BHO: (no name) - {B033A52F-6A69-0E6A-FBFB-8FCAADCA3C98} - C:\WINDOWS\system32\ntzm32.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll (disabled by BHODemon)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Archivos de programa\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [LManager] C:\ARCHIV~1\LAUNCH~1\CPLFL32.EXE

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [showIcon_Chander_CRW Series Driver v1.17r019] "C:\Archivos de programa\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Archivos de programa\Winamp3\winampa.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ccApp] C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [ccRegVfy] C:\Archivos de programa\Archivos comunes\Symantec Shared\ccRegVfy.exe

O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Archivos de programa\Telefonica Kit ADSL USB\CnxDslTb.exe

O4 - HKLM\..\Run: [CAP2ON] C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAP2ONN.EXE

O4 - HKLM\..\Run: [apppq32.exe] C:\WINDOWS\apppq32.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Archivos de programa\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [AIM] C:\ARCHIV~1\AIM\aim.exe -cnetwait.odl

O4 - HKLM\..\RunOnce: [d3jf32.exe] C:\WINDOWS\system32\d3jf32.exe

O4 - HKLM\..\RunOnce: [crrz.exe] C:\WINDOWS\system32\crrz.exe

O4 - HKLM\..\RunOnce: [apimt32.exe] C:\WINDOWS\system32\apimt32.exe

O4 - HKLM\..\RunOnce: [javakh.exe] C:\WINDOWS\javakh.exe

O4 - HKLM\..\RunOnce: [d3qb.exe] C:\WINDOWS\d3qb.exe

O4 - HKLM\..\RunOnce: [nettt32.exe] C:\WINDOWS\nettt32.exe

O4 - HKLM\..\RunOnce: [addcj32.exe] C:\WINDOWS\addcj32.exe

O4 - HKLM\..\RunOnce: [winmf32.exe] C:\WINDOWS\system32\winmf32.exe

O4 - HKLM\..\RunOnce: [d3li32.exe] C:\WINDOWS\d3li32.exe

O4 - HKLM\..\RunOnce: [winuj32.exe] C:\WINDOWS\system32\winuj32.exe

O4 - HKLM\..\RunOnce: [ieyj32.exe] C:\WINDOWS\ieyj32.exe

O4 - HKLM\..\RunOnce: [javajv.exe] C:\WINDOWS\javajv.exe

O4 - HKLM\..\RunOnce: [ielv.exe] C:\WINDOWS\ielv.exe

O4 - HKLM\..\RunOnce: [crot.exe] C:\WINDOWS\crot.exe

O4 - HKLM\..\RunOnce: [atlcg32.exe] C:\WINDOWS\atlcg32.exe

O4 - HKLM\..\RunOnce: [sdkzo32.exe] C:\WINDOWS\sdkzo32.exe

O4 - HKLM\..\RunOnce: [appom.exe] C:\WINDOWS\system32\appom.exe

O4 - HKLM\..\RunOnce: [addis32.exe] C:\WINDOWS\system32\addis32.exe

O4 - Startup: Microsoft Outlook.lnk = ?

O4 - Startup: Infotriever.lnk = C:\Archivos de programa\Infotriever\Agent\infoclient.exe

O4 - Global Startup: Ventana de estado de Canon LASER SHOT LBP-1210.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP2LAK.EXE

O9 - Extra 'Tools' menuitem: Consola de Sun Java (HKLM)

O9 - Extra button: AIM (HKLM)

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} (InforbitHelper Class) - http://download.infotriever.com/bin/ifhelper.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C659C078-7131-41E0-8269-31213EB708D7}: NameServer = 80.58.4.33 80.58.34.97


***DISCLAIMER*** I do NOT recommend that you do the following, but it worked for me.

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ndiqs.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ndiqs.dll/index.html#96676

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.google.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http:\\www.google.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://ndiqs.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ndiqs.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://ndiqs.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ndiqs.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.kissfm.es/webmail

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (disabled by BHODemon)

O2 - BHO: (no name) - {B033A52F-6A69-0E6A-FBFB-8FCAADCA3C98} - C:\WINDOWS\system32\ntzm32.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll (disabled by BHODemon)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Archivos de programa\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [LManager] C:\ARCHIV~1\LAUNCH~1\CPLFL32.EXE

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [showIcon_Chander_CRW Series Driver v1.17r019] "C:\Archivos de programa\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Archivos de programa\Winamp3\winampa.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ccApp] C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [ccRegVfy] C:\Archivos de programa\Archivos comunes\Symantec Shared\ccRegVfy.exe

O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Archivos de programa\Telefonica Kit ADSL USB\CnxDslTb.exe

O4 - HKLM\..\Run: [CAP2ON] C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAP2ONN.EXE

O4 - HKLM\..\Run: [apppq32.exe] C:\WINDOWS\apppq32.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Archivos de programa\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [AIM] C:\ARCHIV~1\AIM\aim.exe -cnetwait.odl

O4 - HKLM\..\RunOnce: [d3jf32.exe] C:\WINDOWS\system32\d3jf32.exe

O4 - HKLM\..\RunOnce: [crrz.exe] C:\WINDOWS\system32\crrz.exe

O4 - HKLM\..\RunOnce: [apimt32.exe] C:\WINDOWS\system32\apimt32.exe

O4 - HKLM\..\RunOnce: [javakh.exe] C:\WINDOWS\javakh.exe

O4 - HKLM\..\RunOnce: [d3qb.exe] C:\WINDOWS\d3qb.exe

O4 - HKLM\..\RunOnce: [nettt32.exe] C:\WINDOWS\nettt32.exe

O4 - HKLM\..\RunOnce: [addcj32.exe] C:\WINDOWS\addcj32.exe

O4 - HKLM\..\RunOnce: [winmf32.exe] C:\WINDOWS\system32\winmf32.exe

O4 - HKLM\..\RunOnce: [d3li32.exe] C:\WINDOWS\d3li32.exe

O4 - HKLM\..\RunOnce: [winuj32.exe] C:\WINDOWS\system32\winuj32.exe

O4 - HKLM\..\RunOnce: [ieyj32.exe] C:\WINDOWS\ieyj32.exe

O4 - HKLM\..\RunOnce: [javajv.exe] C:\WINDOWS\javajv.exe

O4 - HKLM\..\RunOnce: [ielv.exe] C:\WINDOWS\ielv.exe

O4 - HKLM\..\RunOnce: [crot.exe] C:\WINDOWS\crot.exe

O4 - HKLM\..\RunOnce: [atlcg32.exe] C:\WINDOWS\atlcg32.exe

O4 - HKLM\..\RunOnce: [sdkzo32.exe] C:\WINDOWS\sdkzo32.exe

O4 - HKLM\..\RunOnce: [appom.exe] C:\WINDOWS\system32\appom.exe

O4 - HKLM\..\RunOnce: [addis32.exe] C:\WINDOWS\system32\addis32.exe

O4 - Startup: Microsoft Outlook.lnk = ?

O4 - Startup: Infotriever.lnk = C:\Archivos de programa\Infotriever\Agent\infoclient.exe

O4 - Global Startup: Ventana de estado de Canon LASER SHOT LBP-1210.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP2LAK.EXE

O9 - Extra 'Tools' menuitem: Consola de Sun Java (HKLM)

O9 - Extra button: AIM (HKLM)

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} (InforbitHelper Class) - http://download.infotriever.com/bin/ifhelper.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C659C078-7131-41E0-8269-31213EB708D7}: NameServer = 80.58.4.33 80.58.34.97

 

My log was very similar (although the names of the .dll and the .exe's varied). I uninstalled then reinstalled WMP before doing anything (since that's where the infection first attacked, through a malicious javascript), then deleted everything that I've marked in blue. If you are going to try something as radical as this, I'd make sure you back everything up or delete to a reversible trash can (like Norton's).

I now appear to be infection free.


Hi dude!

 

I'm afraid it didn't work, I deleted everything you said... even more as there were more exe files in runonce lines... my pc was really slow when starting, but it is solved since I've deleted all that stuff. It appeared to be repaired... but the hijacker dll appeared (now with a different name) and everything's the same. It seems deleted until I close the explorer with no hijacking... the first time I open explorer again... there's the hijacker dll again.

 

Well, this is my new hijackthis log:

 

Logfile of HijackThis v1.97.7

Scan saved at 21:18:08, on 05/07/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\sfozp.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://sfozp.dll/index.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://sfozp.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\sfozp.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://sfozp.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\sfozp.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.kissfm.es/webmail

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (disabled by BHODemon)

O2 - BHO: (no name) - {1D7DD602-0DE1-9C0E-DF14-0A8EE4D46A46} - C:\WINDOWS\addyx32.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll (disabled by BHODemon)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LManager] C:\ARCHIV~1\LAUNCH~1\CPLFL32.EXE

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"

O4 - HKLM\..\Run: [showIcon_Chander_CRW Series Driver v1.17r019] "C:\Archivos de programa\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CAP2ON] C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAP2ONN.EXE

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ieft32.exe] C:\WINDOWS\system32\ieft32.exe

O4 - Startup: Microsoft Outlook.lnk = ?

O4 - Global Startup: Ventana de estado de Canon LASER SHOT LBP-1210.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP2LAK.EXE

O9 - Extra 'Tools' menuitem: Consola de Sun Java (HKLM)

O9 - Extra button: AIM (HKLM)

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C659C078-7131-41E0-8269-31213EB708D7}: NameServer = 80.58.4.33 80.58.34.97

 

Thanks again!
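
Added example, not part of the original posts: a small Python check run over lines taken from the two HijackThis logs in this thread. It shows that the DLL named in the `res://` start/search page values changed between the scans while the `#96676` tag stayed the same, so matching on the `res://...dll` pattern is more stable than matching on a file name. The function names and the trimmed sample logs are choices made for this example.

```python
import re
from collections import namedtuple

# Subset of lines copied from the 26/06/2004 and 05/07/2004 logs in this thread.
LOG_JUNE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ndiqs.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ndiqs.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://ndiqs.dll/index.html#96676
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
"""
LOG_JULY = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\sfozp.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://sfozp.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://sfozp.dll/index.html#96676
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
"""

# HijackThis R-section line: "R0 - HKCU\<key>,<value name> = <data>"
R_LINE = re.compile(r"^(R[0-3]) - (HK\w+)\\(.+?),(.+?) = (.*)$")
# res://[optional path\]name.dll/page[#tag]
RES_URL = re.compile(r"^res://(?:.*\\)?([^\\/]+\.dll)/([^#]*)(?:#(.*))?$", re.I)

Hit = namedtuple("Hit", "hive value dll page tag")


def res_hijacks(log):
    """Return IE registry values whose data is a res:// URL served from a DLL."""
    hits = []
    for line in log.splitlines():
        m = R_LINE.match(line.strip())
        if not m:
            continue  # O-section lines, headers, blanks
        _section, hive, _key, value, data = m.groups()
        u = RES_URL.match(data)
        if u:
            hits.append(Hit(hive, value, u.group(1).lower(), u.group(2), u.group(3)))
    return hits


def compare(before, after):
    """Return (dlls only in first scan, dlls only in second scan, tags seen in both)."""
    b, a = res_hijacks(before), res_hijacks(after)
    dll_b, dll_a = {h.dll for h in b}, {h.dll for h in a}
    tags = {h.tag for h in b if h.tag} & {h.tag for h in a if h.tag}
    return sorted(dll_b - dll_a), sorted(dll_a - dll_b), sorted(tags)


if __name__ == "__main__":
    gone, new, shared = compare(LOG_JUNE, LOG_JULY)
    print("DLL names no longer referenced:", gone)
    print("DLL names newly referenced:   ", new)
    print("URL tags present in both scans:", shared)
```
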


Hello,

 

Download About:Buster from Here

Unzip it to your desktop. Double click on About:Buster and hit Ok, then Start, then Ok to start the scan. The scan should take a few seconds. Once it is done save the report.

 

You need to get the newest version of HijackThis. Open HijackThis, click on --> Config --> Misc Tools --> click on the "check for update online" button and update to v1.98.

 

Perform a customized scan with Ad-aware.....

 

Click here to download Ad-Aware and install. Before scanning click on "check for updates now" to make sure you have the latest reference file. Then click the gear wheel at the top and check these options to configure Ad-aware for a customized scan:

 

General> activate these: "Automatically save log-file" and "Automatically quarantine objects prior to removal"

 

Scanning > activate these: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry," "Scan my IE Favorites for banned sites," and "Scan my Hosts file"

 

Tweaks > Scanning Engine> activate this: "Unload recognized processes during scanning."

 

Tweaks > Cleaning Engine: activate these: "Automatically try to unregister objects prior to deletion" and "Let Windows remove files in use after reboot."

 

Click "Proceed" to save your settings, then click "Start." Make sure "Activate in-depth scan" is ticked green, then scan your system. When the scan is finished, the screen will tell you if anything has been found, click "Next." The bad files will be listed. Right click the pane and click "Select all objects" - This will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?" Reboot when finished.

 

Next, perform an online virus scan at Panda Software and an online Trojan scan at Sygate. (See links in my signature below). Allow each program to remove whatever it may find. NOTE: You may need to allow Sygate to have access through your firewall, or temporarily disable your firewall. If so, be sure you re-enable your firewall immediately after the scan has completed. Reboot after each scan.

 

If you have difficulty with the Sygate Trojan scan, you can download a free trial of TrojanHunter here: http://www.misec.net/ Manually update the definitions before scanning. Allow the program to delete anything it may find. Reboot when finished.

 

Paste the About:Buster report and a new HijackThis log into this same thread.

 

NOTE: This time, please provide the entire HijackThis log. The other logs you've posted have not shown the running processes.
