Start HijackThis & go to Config > Misc Tools > Open process manager.
Select the following and click Kill process, one at a time.
* Some entries may not be present
- C:\WINDOWS\system32\t?skmgr.exe
- C:\Program Files\ipee\othb.exe
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Uninstall this program using Add/Remove Programs:
- WeatherBug
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Then have HijackThis fix these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yc.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yc...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yc...//www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {07850715-FE99-F911-D0FC-CD6945FCD3E6} - C:\WINDOWS\system32\dtidqty.dll (file missing)
O2 - BHO: (no name) - {2BC23162-C1B7-B531-D3B3-F80A015EA5CA} - C:\WINDOWS\system32\awvdu.dll
O2 - BHO: (no name) - {A140C30C-69DA-3A0D-CBFA-5850D6FC2CB3} - C:\WINDOWS\system32\jmcbk.dll (file missing)
O2 - BHO: (no name) - {B8AD7954-81AB-DD7E-EF7D-B8BE490966C6} - C:\WINDOWS\system32\adkblnt.dll (file missing)
O2 - BHO: (no name) - {BFAD7B25-81AE-D075-EF0D-B7BE387B66B6} - C:\WINDOWS\system32\adkblnt.dll (file missing)
O2 - BHO: (no name) - {C16D0BEC-A030-A5E4-7841-96ECADE519B1} - C:\WINDOWS\system32\hjglhql.dll (file missing)
O2 - BHO: (no name) - {D340C176-69D9-3A0D-CB8D-5750A08F2CB5} - C:\WINDOWS\system32\jmcbk.dll (file missing)
O4 - HKLM\..\Run: [Ymmbq] C:\Program Files\Zhivd\Vumelsx.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/W...nnerInstall.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
If you have not done so already, please enable the viewing of hidden files.
From Windows Explorer, go to Tools > Folder Options > View tab.
- Tick - Show hidden files and folders
- Untick - Hide file extensions for known types
- Untick - Hide protected operating system files
Click Yes to confirm & then click OK.
Locate and delete the following folders, if present:
- C:\Program Files\Zhivd\
- C:\Program Files\AWS\
- C:\Program Files\ipee\
Locate and delete the following files:
- C:\WINDOWS\system32\dtidqty.dll
- C:\WINDOWS\system32\awvdu.dll
- C:\WINDOWS\system32\jmcbk.dll
- C:\WINDOWS\system32\adkblnt.dll
- C:\WINDOWS\system32\adkblnt.dll
- C:\WINDOWS\system32\hjglhql.dll
- C:\WINDOWS\system32\jmcbk.dll
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Go to Start > Run and type
cleanmgr (this starts Windows Disk Cleanup)
- Select Drive C: & click the 'OK' button
- Select the following options:
  - Temporary Internet Files
  - Recycle Bin
  - Temporary Files
- Click the 'OK' button
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Launch Notepad, and copy/paste the box below into a new text file. Save it as
FindFile.bat and save it on your Desktop.
Quote:
dir C:\WINDOWS\system32\t?skmgr.exe /a h > files.txt
notepad files.txt
Locate FindFile.bat on your Desktop and double-click on it. It will open Notepad with some text in it.
Please post the text here along with a new HJT log.
__________________
Question - what have you done for the community today?
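Several O2 lines in the fix list above point at the same DLL, and most are already marked (file missing), which is why the file-deletion list repeats names. As an added example that is not part of the original post, this Python sketch parses O2 and O4 lines of that form and groups them per file; the sample text is constructed from lines in the post, and the function names are hypothetical.

```python
import re

# Constructed sample: five O2/O4 lines copied from the fix list in the post.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {07850715-FE99-F911-D0FC-CD6945FCD3E6} - C:\WINDOWS\system32\dtidqty.dll (file missing)
O2 - BHO: (no name) - {2BC23162-C1B7-B531-D3B3-F80A015EA5CA} - C:\WINDOWS\system32\awvdu.dll
O2 - BHO: (no name) - {B8AD7954-81AB-DD7E-EF7D-B8BE490966C6} - C:\WINDOWS\system32\adkblnt.dll (file missing)
O2 - BHO: (no name) - {BFAD7B25-81AE-D075-EF0D-B7BE387B66B6} - C:\WINDOWS\system32\adkblnt.dll (file missing)
O4 - HKLM\..\Run: [Ymmbq] C:\Program Files\Zhivd\Vumelsx.exe
"""

# O2 = Browser Helper Object, O4 = autostart (Run key) entry.
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")

def parse(log):
    """Return (bho_entries, run_entries) parsed from HijackThis log text."""
    bhos, runs = [], []
    for line in log.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            bhos.append({"clsid": m["clsid"], "path": m["path"],
                         "missing": m["missing"] is not None})
            continue
        m = RUN_RE.match(line)
        if m:
            runs.append({"hive": m["hive"], "value": m["value"], "cmd": m["cmd"]})
    return bhos, runs

def cleanup_plan(bhos):
    """Group BHO entries per DLL (case-insensitive path): which CLSIDs load it,
    and whether any log line still reported the file as present on disk."""
    plan = {}
    for e in bhos:
        item = plan.setdefault(e["path"].lower(),
                               {"path": e["path"], "clsids": [], "on_disk": False})
        item["clsids"].append(e["clsid"])
        item["on_disk"] = item["on_disk"] or not e["missing"]
    return list(plan.values())
```

Entries with `on_disk` false still need the registry fix in HijackThis even though there is no file left to delete.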