Last night I started getting popups... I even had a couple of icons shoved on my desktop. I've just spent 5 hours trying to get rid of everything SpyBot & HJT were reporting using every tactic I could find mentioned on this and other websites.
I eventually succeeded but the moment there is an internet connection again, it all comes back again. So I can get the system reported clean, but the moment there is access to the internet, back it all comes.
Please can someone help... I'm hoping there's just one thing that I'm not nuking that means it all comes back again.
I assume these are the lines causing the popup/redirection problem:-
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
But as I said if I use SpyBot and HJT (in safemode) to nuke these lines, they come back again at the first sniff of the internet.
Anyway here's the logs with virtually everything back in it again. Basically back where I started after 5 hours!!! Please help

--Hijackthis--
Logfile of HijackThis v1.99.0
Scan saved at 23:27:18, on 17/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\LCDC\LCDC.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\TrojanHunter 4.0\THGuard.exe
C:\PROGRAM FILES\FRAPS\FRAPS.EXE
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hjt\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LCDC] C:\Program Files\LCDC\LCDC.exe 0
O4 - HKLM\..\Run: [winsys] syschost.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKCU\..\Run: [Fraps] C:\PROGRAM FILES\FRAPS\FRAPS.EXE
O4 - Global Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{782DEB0E-1DCD-4AAD-B5D6-36205BEFDEAF}: NameServer = 192.168.0.1
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Promise RAID message agent - Promise Technology, Inc. - C:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) - Unknown - %ProgramFiles%\WinPcap\rpcapd.exe (file missing)
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--SpyBot--
--- Search result list ---
Common hijacker: Redirected host (Redirected host, nothing done)
Common hijacker: Redirected host (Redirected host, nothing done)
CoolWWWSearch.Bootconf: Redirected host (Redirected host, nothing done)
CoolWWWSearch.Loadbat: Redirected host (Redirected host, nothing done)
CoolWWWSearch.Msconfd: Redirected host (Redirected host, nothing done)
CoolWWWSearch.Oslogo: Redirected host (Redirected host, nothing done)
CoolWWWSearch.Tapicfg: Redirected host (Redirected host, nothing done)
CoolWWWSearch.Xmlmimefilter: Redirected host (Redirected host, nothing done)
IGetNet: Redirected host (Redirected host, nothing done)
--- Spybot - Search & Destroy version: 1.3 .1TX (build: 20040801) ---
2004-05-12 blindman.exe (1.0.0.0)
2004-08-30 SpybotSD.exe (1.3.0.12)
2004-05-12 TeaTimer.exe (1.3.0.12)
2004-06-15 unins000.exe (51.15.0.0)
2004-05-12 Update.exe (1.3.0.0)
2004-10-04 advcheck.dll (1.0.1.0)
2004-05-12 borlndmm.dll (7.0.4.453)
2004-05-12 delphimm.dll (7.0.4.453)
2004-05-12 SDHelper.dll (1.3.0.12)
2004-05-12 Tools.dll (2.0.0.0)
2004-05-12 UnzDll.dll (1.73.1.1)
2004-05-12 ZipDll.dll (1.73.2.0)
2004-11-29 Includes\Cookies.sbi
2004-12-01 Includes\Dialer.sbi
2004-12-02 Includes\Hijackers.sbi
2004-12-01 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-12-01 Includes\Malware.sbi
2004-11-29 Includes\Revision.sbi
2004-11-29 Includes\Security.sbi
2004-12-01 Includes\Spybots.sbi
2004-11-29 Includes\Tracks.uti
2004-12-01 Includes\Trojans.sbi
--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ DataAccess: Security Update for Microsoft Data Access Components
/ Windows Media Player / SP0: Windows Media Player Hotfix [See wm828026 for more information]
/ Windows Media Player: Windows Media Update 817787
/ Windows Media Player: Windows Media Update 828026
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885884
/ Windows XP / SP3: Windows XP Hotfix - KB886185
--- Startup entries list ---
Located: HK_LM:Run, Advanced Tools Check
command: C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
file: C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
size: 79480
MD5: ed45c0c499a5b9a7100ac80288dfcfb7
Located: HK_LM:Run, AsioReg
command: REGSVR32.EXE /S CTASIO.DLL
file: C:\WINDOWS\system32\REGSVR32.EXE
size: 11776
MD5: 9709ead856a690333138ac40804f914e
Located: HK_LM:Run, ATIPTA
command: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
file: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 339968
MD5: acc7b414ef1abea6aa654b74cc9a90cf
Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 54296
MD5: ace91f1db4e08fa62c758adf2390c07e
Located: HK_LM:Run, ccRegVfy
command: "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
size: 58392
MD5: 8ab27947c7c2b3388f15ce7c3d595050
Located: HK_LM:Run, CTHelper
command: CTHELPER.EXE
file: C:\WINDOWS\system32\CTHELPER.EXE
size: 28672
MD5: be75b1da5ee9d8f50fe6d9890e7f399d
Located: HK_LM:Run, CTSysVol
command: C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
file: C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
size: 49152
MD5: c88806e6c9ae0ad88d20e1bda995355a
Located: HK_LM:Run, LCDC
command: C:\Program Files\LCDC\LCDC.exe 0
Located: HK_LM:Run, NeroCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 77824
MD5: 96d2436434d14b99d0edf8a26be76eed
Located: HK_LM:Run, SBDrvDet
command: C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
Located: HK_LM:Run, SystemTray
command: SysTray.Exe
file: C:\WINDOWS\system32\SysTray.Exe
size: 3072
MD5: 46e07fd3a40760fda18cf6b4fc691742
Located: HK_LM:Run, THGuard
command: "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
file: C:\Program Files\TrojanHunter 4.0\THGuard.exe
size: 1073664
MD5: bf9cd59a495e2b67160de668da10a63f
Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 151597
MD5: a05da809ac0d86d916d09e3a908d3a06
Located: HK_LM:Run, UpdReg
command: C:\WINDOWS\UpdReg.EXE
file: C:\WINDOWS\UpdReg.EXE
size: 90112
MD5: c419df63e0121d72411285780c2fc6cc
Located: HK_LM:Run, winsys
command: syschost.exe
Located: HK_CU:Run, Fraps
command: C:\PROGRAM FILES\FRAPS\FRAPS.EXE
file: C:\PROGRAM FILES\FRAPS\FRAPS.EXE
size: 651264
MD5: 886cdf334ed4932dce31c47c20626aa3
Located: Startup (common), SpeedFan.lnk
command: C:\Program Files\SpeedFan\speedfan.exe
file: C:\Program Files\SpeedFan\speedfan.exe
size: 2086400
MD5: c02517eecec9549fbbd26f9ee7747964
Located: WinLogon, AtiExtEvent
command: Ati2evxx.dll
Located: WinLogon, crypt32chain
command: crypt32.dll
Located: WinLogon, cryptnet
command: cryptnet.dll
Located: WinLogon, cscdll
command: cscdll.dll
Located: WinLogon, Internet Settings
command: C:\WINDOWS\system32\m2ju0c19ef.dll
file: C:\WINDOWS\system32\m2ju0c19ef.dll
size: 0
MD5: d41d8cd98f00b204e9800998ecf8427e
Located: WinLogon, ScCertProp
command: wlnotify.dll
Located: WinLogon, Schedule
command: wlnotify.dll
Located: WinLogon, sclgntfy
command: sclgntfy.dll
Located: WinLogon, SensLogn
command: WlNotify.dll
Located: WinLogon, termsrv
command: wlnotify.dll
Located: WinLogon, wlballoon
command: wlnotify.dll
--- Browser helper object list ---
--- ActiveX list ---
{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
description: Macromedia ShockWave Flash Player 7
classification: Unknown
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\SYSTEM32\Macromed\Director\
Long name: SwDir.dll
Short name:
Date (created): 03/07/2003 19:56:38
Date (last access): 13/11/2004 09:24:02
Date (last write): 11/02/2003 05:02:58
Filesize: 32768
Attributes: archive
MD5: 92FA0AE21D3A08B65D291724AA7D0E43
CRC32: 7B63A9DB
Version: 0.8.0.5
{33363249-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
{33564D57-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class)
DPF name:
CLSID name: GSDACtl Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: gsda.dll
Short name:
Date (created): 02/08/2002 09:26:16
Date (last access): 13/11/2004 09:24:14
Date (last write): 02/08/2002 09:26:16
Filesize: 126976
Attributes: archive
MD5: 5EE65B9EC52620265673154EA2B9E5DD
CRC32: 7A1393C7
Version: 0.1.0.0
--- Process list ---
PID: 0 ( 0) [System]
PID: 4 ( 0) System
PID: 188 (1184) C:\WINDOWS\system32\wscntfy.exe
PID: 264 ( 824) C:\WINDOWS\System32\svchost.exe
PID: 348 ( 824) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PID: 460 ( 824) C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
PID: 680 ( 4) \SystemRoot\System32\smss.exe
PID: 756 ( 680) csrss.exe
PID: 780 ( 680) \??\C:\WINDOWS\system32\winlogon.exe
PID: 824 ( 780) C:\WINDOWS\system32\services.exe
PID: 836 ( 780) C:\WINDOWS\system32\lsass.exe
PID: 988 ( 824) C:\WINDOWS\System32\Ati2evxx.exe
PID: 1000 ( 824) C:\WINDOWS\system32\svchost.exe
PID: 1092 ( 824) svchost.exe
PID: 1184 ( 824) C:\WINDOWS\System32\svchost.exe
PID: 1236 ( 824) svchost.exe
PID: 1284 ( 824) svchost.exe
PID: 1368 ( 824) alg.exe
PID: 1388 (1000) C:\Program Files\Messenger\msmsgs.exe
PID: 1528 ( 824) C:\WINDOWS\system32\spoolsv.exe
PID: 1604 ( 780) C:\WINDOWS\system32\Ati2evxx.exe
PID: 1636 ( 824) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PID: 1680 ( 824) C:\Program Files\Norton AntiVirus\navapsvc.exe
PID: 1752 ( 824) C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
PID: 1796 (1900) C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
PID: 1812 (1900) C:\WINDOWS\system32\CTHELPER.EXE
PID: 1848 ( 780) C:\WINDOWS\system32\rundll32.exe
PID: 1900 (1780) C:\WINDOWS\Explorer.EXE
PID: 1924 ( 824) C:\Program Files\Promise\Utility\MsgAgt.exe
PID: 2072 (1900) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PID: 2256 (1900) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PID: 2272 (1900) C:\Program Files\LCDC\LCDC.exe
PID: 2292 (1900) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PID: 2340 (1900) C:\Program Files\TrojanHunter 4.0\THGuard.exe
PID: 2376 (1900) C:\PROGRAM FILES\FRAPS\FRAPS.EXE
PID: 2584 (1900) C:\Program Files\SpeedFan\speedfan.exe
PID: 3132 (1900) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PID: 3356 (1184) C:\WINDOWS\system32\wuauclt.exe
Spybot - Search && Destroy process list report, 17/12/2004 23:26:50
--- Browser start & search pages list ---
Spybot - Search && Destroy browser pages report, 17/12/2004 23:26:50
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?p...=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\SYSTEM\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?p...=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?p...=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/src...st/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/src...st/srchcust.htm
--- Winsock Layered Service Provider list ---