08-07-2007, 04:28 PM   #10
sUBs
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,341
OS: N/A


Re: Browser Hijacked -- How troublesome...

Do a HijackThis scan & place a check next to these items and select "Fix checked":

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)



---------------


Open notepad and copy/paste the text in the quotebox below into it:

Code:
Collect::
C:\WINDOWS\system32\vdo_b76-4b6b.sys
C:\WINDOWS\system32\msbind32.exe
c:\windows\system32\zwcwdejs.afp
C:\WINDOWS\sysrlb32.exe
C:\WINDOWS\system32\rdovyjbw.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\system32\uqpzttri.exe
C:\WINDOWS\system32\open.exe
C:\WINDOWS\system32\tilishpy.exe
C:\WINDOWS\system32\magdfovj.exe
DirLook::
C:\WINDOWS\system32\defaults
C:\WINDOWS\system32\data
File::
C:\DOCUME~1\Illidan\open.exe
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\remove_spyware_button.gif
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\close_icon.gif
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\secuity_center_logo.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\header_bg.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\alert_icon.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\icon_warning.gif
Driver::
vdo_b76-4b6b
ZWCWDEJS
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]
Save this as "CFScript"




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additionally, ComboFix will generate a zipped file on your Desktop, called Submit [Date Time].zip
Please submit this file to:

http://www.bleepingcomputer.com/subm....php?channel=4

The file must be uploaded before proceeding to the next step.


---------------


Click here to perform an online scan >> Online Scanner


---------------


In your next post, please include fresh logs from:
  1. Fresh HijackThis log taken just before replying
  2. Online scan
  3. ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now.

Last edited by sUBs; 08-07-2007 at 04:29 PM.
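The CFScript above has a simple line-oriented layout: a `Section::` header followed by its entries. As an added example that is not from the original post or from ComboFix itself, the following Python parses such a script, lists the registry keys it deletes, flags the non-driver files placed in the drivers directory, and reports which listed paths are present on the machine. The section grammar and the `[-KEY]` deletion notation are assumed from what is visible in the post, and the embedded sample is a constructed subset of the post's script.

```python
import os
import re
# Constructed sample: a subset of the CFScript shown in the post above.
SAMPLE_CFSCRIPT = r"""
Collect::
C:\WINDOWS\system32\vdo_b76-4b6b.sys
DirLook::
C:\WINDOWS\system32\defaults
File::
C:\DOCUME~1\Illidan\open.exe
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\button_buynow.gif
Driver::
vdo_b76-4b6b
ZWCWDEJS
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]
"""
SECTION_RE = re.compile(r"^([A-Za-z]+)::$")  # "Collect::", "File::", ...
DELETE_KEY_RE = re.compile(r"^\[-(.+)\]$")   # "[-KEY]" marks a key for deletion (assumed notation)

def parse_cfscript(text):
    """Return {section name: entry lines}, preserving script order (dicts keep insertion order)."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections

def registry_deletions(sections):
    """Key paths the Registry:: section deletes (entries written as [-KEY])."""
    return [m.group(1) for m in map(DELETE_KEY_RE.match, sections.get("Registry", [])) if m]

def non_driver_files_in_drivers_dir(sections):
    """File:: entries inside the drivers directory that are not .sys: web assets there are a rogue-AV tell."""
    return [p for p in sections.get("File", [])
            if "\\drivers\\" in p.lower() and not p.lower().endswith(".sys")]

def inventory(sections, exists=os.path.exists):
    """Map each Collect::/File::/DirLook:: path to presence on disk; `exists` is injectable for testing."""
    paths = sections.get("Collect", []) + sections.get("File", []) + sections.get("DirLook", [])
    return {p: bool(exists(p)) for p in paths}
```

Running `inventory(parse_cfscript(open("CFScript.txt").read()))` on the affected machine shows which of the listed artifacts are still present before and after the ComboFix run.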