Have tried various scans and they don't seem to have done anything. Someone please help =[
Here is the HijackThis log:
Logfile of HijackThis v1.99.1 Scan saved at 19:45:27, on 06/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
1. Run Hijackthis and put a check next to these entries (some entries might no longer be present, don't worry):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O4 - HKLM\..\Run: [SvcManager] svchost4.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e24.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e24.exe
O8 - Extra context menu item: &Search - http://kc.bar.need2find.com/KC/menusearch.html?p=KC
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c1.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/03b1ac44b6ed98ea1021/netzip/RdxIE601.cab
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} (ÌìÏÂËÑË÷) - http://iebar.t2t2.com/iebar.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dbn283.exe
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\g240lchm1f4a.dll
O23 - Service: Windows Workstation Service (Windows Workstation) - Unknown owner - c:\msdos.exe (file missing)
Close all browsers and other windows and click the "Fix Checked" button.
2. Open HiJackThis
* Click on the "Config..." button on the bottom right
* Click on the tab "Misc Tools"
* Click on "Delete File on Reboot"
* Navigate to this file --> C:\Program Files\Common Files\{30B903F0-095A-2057-0611-03101104002c}\Update.exe
* Double click on that file.
* HJT asks you if you want to reboot, now. Click "No"
Do that for the following file also --> C:\WINDOWS\System32\svchost4.exe
When you get to the second one, click "yes" when HJT asks you to reboot.
3. Please download Look2Me-Destroyer.exe to your desktop. www.atribune.org/ccount/click.php?id=7
Close all windows before continuing.
Double-click "Look2Me-Destroyer.exe" to run it.
Put a check next to "Run this program as a task".
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK.
When Look2Me-Destroyer re-opens, click the "Scan for L2M" button. Your desktop icons will disappear, this is normal.
Once it's done scanning, click the "Remove L2M" button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown. Turn your computer back on.
Please post the contents of C:\Look2Me-Destroyer.txt
If you receive a message from your firewall about this program accessing the internet please allow it.
If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory. http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
4. Please try and make this work by following the steps very carefully, I've seen people not doing this correctly. There are 2 files that you need to download before you run the fix in safe mode.
a. Please download Brute Force Uninstaller to your desktop.
* Right click the BFU folder on your desktop, and choose Extract All
* Click "Next"
* In the box to choose where to extract the files to,
* Click "Browse"
* Click on the + sign next to "My Computer"
* Click on "Local Disk (C:)"
* Click "Make New Folder"
* Type in BFU
* Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
b. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover. Save it in the same folder you made earlier (c:\BFU).
Do not do anything with these yet!
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.
5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
* Start the Brute Force Uninstaller by doubleclicking BFU.exe
* Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
* Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
* Wait for the complete script execution box to pop up and press OK.
* Press exit to terminate the BFU program.
NOTE: The BFU script process looks for a very long list of files, registry entries and other malware but the log only lists the ones it did NOT find, so if you see that log and think it failed, don't worry it did not.
Then post a fresh hijackthis log.* You may email me if you're still waiting for my follow-up post.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrators - Succeeded
And the new HijackThis log:
Logfile of HijackThis v1.99.1 Scan saved at 13:35:40, on 08/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Run Hijackthis and put a check next to these entries and click "Fix Checked":
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O8 - Extra context menu item: &Search - http://kc.bar.need2find.com/KC/menusearch.html?p=KC
O16 - DPF: {1E1B286C-88FF-11D2-8D96-D7ACAC95951F} - http://66.194.67.102/banner/with-reporting/bannerads.cab
O23 - Service: Windows Workstation Service (Windows Workstation) - Unknown owner - c:\msdos.exe (file missing)
C:\PROGRA~1\PRINTV~1\pvmodule.exe <-- delete this file
C:\PROGRA~1\PRINTV~1 <-- also this folder, this is not the real Printview folder
Please download AVG anti-spyware from HERE and save that file to your desktop. This is a 30 day trial of the program.
* Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
* Once the setup is complete you will need to run ewido and update the definition files.
* On the main screen select the icon "Update" then select the "Update now" link.
* Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
* Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
* Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
* Under "Reports"
* Select "Automatically generate report after every scan"
* Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
* Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:
* Launch ewido-anti-spyware by double-clicking the icon on your desktop.
* Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
* ewido will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
* If you have any infections you will be prompted, then select "Apply all actions"
* Next select the "Reports" icon at the top.
* Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
* Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.
Also run DrWebCureit
Download and install DrWebCureit: tp.drweb.com/pub/drweb/cureit/drweb-cureit.exe to your desktop.
Doubleclick the "drweb-cureit.exe" and click "ok" in the prompt window that will open, asking "start the express scan now".
It will first make a quick scan of your system, let it clean what it finds, and when it says "done"
Click on the green screwdriver- Actions Tab- Adware-Dialers-Riskware-Hacktools, use dropdown menu and select -Delete
Click on the drive(s) you want to scan. A red dot will mark the selected drive(s).
Then hit the green arrow in lower right corner
It will now scan your drive(s), say yes to all
After the scan, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.* You may email me if you're still waiting for my follow-up post.
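The manual triage done in this thread, picking out which HijackThis entries deserve a closer look, can be sketched in code. The following is an added example, not part of the original posts or of HijackThis itself: the flag names and heuristics are assumptions chosen to match patterns visible in the logs above, and an entry with no flag is not thereby cleared.

```python
import re

# Constructed sample: entries copied from the logs in this thread, plus one
# made-up ordinary Run entry ([ExampleTray]) for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O4 - HKLM\..\Run: [SvcManager] svchost4.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e24.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dbn283.exe
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\g240lchm1f4a.dll
O23 - Service: Windows Workstation Service (Windows Workstation) - Unknown owner - c:\msdos.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")             # "O4 - <body>"
RUN_CMD = re.compile(r"^\S+\\Run: \[[^\]]*\] (.+)$")       # autostart command
IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}[:/]")
ROOT_EXE = re.compile(r"^[A-Za-z]:\\+[^\\]+$")             # file directly in drive root

def triage(log_text):
    """Return [(code, body, [flags])] for every HijackThis entry line."""
    results = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # log header, process list, blank lines
        code, body = m.groups()
        flags = []
        if "(file missing)" in body:
            flags.append("file-missing")
        if code == "O4":
            run = RUN_CMD.match(body)
            # Autostart with no path at all, or an executable in the drive root
            if run and ("\\" not in run.group(1) or ROOT_EXE.match(run.group(1))):
                flags.append("run-bare-or-root-path")
        if code == "O16" and IP_URL.search(body):
            flags.append("activex-from-raw-ip")
        if code == "O20" and body.startswith("Winlogon Notify:"):
            flags.append("winlogon-notify-dll")
        if code == "O23" and "Unknown owner" in body:
            flags.append("service-unknown-owner")
        results.append((code, body, flags))
    return results

if __name__ == "__main__":
    for code, body, flags in triage(SAMPLE_LOG):
        print(f"{code:4} {', '.join(flags) or '-':45} {body[:60]}")
```

The hijacked search page (R1) and the BHO (O2) get no flag here because recognising them needs a baseline of known-good values, which is what the helper in the thread supplies by hand.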