Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.
Go to Start -> Run and type CMD. A black command window will open.
In the command window, type (or copy and paste):
schtasks /delete /TN AEC8FBBC93976CC4.job /F <Press Enter>
Next, type:
schtasks /delete /TN B03C8C4493D70388.job /F <Press Enter>
Next, type (or copy and paste):
schtasks /delete /TN AFA0717A9183E2CE.job /F <Press Enter>
Next, type (or copy and paste):
schtasks /delete /TN AFE0F7C490036D74.job /F <Press Enter>
Exit from the command prompt now.
Reboot into safe mode.
Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://trsdpdlnvdbxibby.com/WB0RtGM...xtnBdknx.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fpejxfcyuaiidapraitdratt...DE/sdJXDpEM.cgi
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.ittxzjlyfghwhlhfqmim.com/WB0RtGMhrpLHu72boEtJ7m7aRfIfNbB9DE/sdJXDpEM.html");\nuser_pref("browser.startup.page", 1); (C:\Documents and Settings\Ray\Application Data\Mozilla\Profiles\default\nst0z0rm.slt\prefs.js)
O2 - BHO: (no name) - {76149F86-07BD-7663-82A2-7E1A0CA4D6A1} - C:\DOCUME~1\Ray\APPLIC~1\DENTDA~1\Wma wait.exe
O4 - HKLM\..\Run: [Proc Drive Gram Love] C:\Documents and Settings\All Users\Application Data\ITCHNAMEPROCDRIVE\DEBUGELSE.exe
O4 - HKCU\..\Run: [Poke Download] C:\DOCUME~1\Ray\APPLIC~1\PURETH~1\keep mess.exe
Please delete the following folders:
C:\Documents and Settings\Administrator\Application Data\Purethelive
C:\Documents and Settings\All Users\Application Data\ITCHNAMEPROCDRIVE
C:\Documents and Settings\Ann\Application Data\DENT DATE
C:\Documents and Settings\Ann\Application Data\Purethelive
C:\Documents and Settings\Ray\Application Data\DENT DATE
C:\Documents and Settings\Ray\Application Data\Purethelive
Reboot into normal mode now.
Download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
- Save it to your desktop.
- Double-click the new icon on your desktop (tmas-web-scan.exe)
- It will say "Loading TrendMicro definitions".
- Once the definitions are loaded, the program will appear to close then re-open.
- Click "Start Scan"
- After it's done scanning, click "Scan Results"
- Make sure all items found have a check next to them, then click "Clean Threats Now".
- Click Exit.
Reboot your computer. I then need you to repeat the same procedure above again... using the TrendMicro tool. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.
I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system.
Run a new scan with HJT and post that log here.
Let us know if you were unable to delete any of the folders.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006
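
The follow-up check described in the post (run a new HijackThis scan and see whether the fixed entries still exist) can be done mechanically. The script below is an added example, not part of the original post and not a HijackThis feature; the function names `entry_key` and `still_present` are hypothetical, and the sample log lines are constructed placeholders rather than entries from this thread.

```python
import re
from urllib.parse import urlsplit

# HijackThis entries look like "<section> - <details>", e.g. "O4 - HKCU\..\Run: [Name] path"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(HK(?:LM|CU))\\\.\.\\(\w+): \[([^\]]+)\]")

def entry_key(line):
    """Identity of one log entry that survives cosmetic differences between scans.

    O2 -> CLSID (the file path may show as an 8.3 short name or a long name)
    O4 -> hive, key and value name (ignores the path)
    R0/R1 -> registry value plus URL host (a legitimate start page must not match)
    Returns None for lines that are not entries (headers, process list, blanks).
    """
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    if section == "O2":
        clsid = CLSID_RE.search(body)
        if clsid:
            return (section, clsid.group(0).upper())
    elif section == "O4":
        run = RUN_RE.match(body)
        if run:
            return (section,) + run.groups()
    elif section in ("R0", "R1") and " = " in body:
        value, url = body.split(" = ", 1)
        return (section, value, (urlsplit(url.strip()).hostname or "").lower())
    return (section, body)

def still_present(fix_list, new_log):
    """Return the lines of fix_list whose identity still appears in new_log."""
    seen = {entry_key(l) for l in new_log.splitlines()}
    return [l for l in fix_list.splitlines() if entry_key(l) and entry_key(l) in seen]

# Constructed sample data: entries that were checked for fixing, then a later scan.
FIX_LIST = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bad.example.invalid/a/b.cgi
O2 - BHO: (no name) - {00000000-1111-2222-3333-444444444444} - C:\DOCUME~1\User\APPLIC~1\SAMPLE~1\sample one.exe
O4 - HKCU\..\Run: [Sample Entry] C:\DOCUME~1\User\APPLIC~1\SAMPLE~2\sample two.exe"""

NEW_LOG = r"""Logfile of HijackThis (constructed sample)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: (no name) - {00000000-1111-2222-3333-444444444444} - C:\Documents and Settings\User\Application Data\Sample One\sample one.exe
O4 - HKLM\..\Run: [Sample Entry] C:\sample.exe"""

if __name__ == "__main__":
    for line in still_present(FIX_LIST, NEW_LOG):
        print("STILL PRESENT:", line)
```

Any line it reports should be raised with the helper along with the new log, the same as a folder that could not be deleted.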