Hello and Welcome
Please subscribe to this thread to get immediate notification of fixes as soon as they are posted.
This webpage would not be available when you're carrying out the fix. Please save the following instructions in Notepad. I have customized my instructions on the assumption that you are using Notepad. It may lead to some confusion should you choose to do otherwise.
If there's anything that you don't understand, kindly ask your questions before proceeding with the fixes. There should not be any opened browsers when you are carrying out the procedures below.
IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Scan with HiJackThis, place a check next to these items and select "Fix checked":
O2 - BHO: CATLEvents Object - {2527BEEF-1B3C-4D3B-98F0-7F3C1EB910A0} - C:\DOCUME~1\Peter\LOCALS~1\Temp\itnarc.dat (file missing)
O2 - BHO: (no name) - {446CF8A5-617E-4D91-95AE-AE78CE0D06AF} - (no file)
O2 - BHO: (no name) - {68132581-10F2-416E-B188-4E648075325A} - (no file)
O2 - BHO: CATLEvents Object - {BB54DE33-E539-4749-BFAC-CC49617E8F2A} - C:\WINDOWS\TEMP\bewsa.dat
O2 - BHO: CATLEvents Object - {D487068E-9B04-4FE5-8A83-08344F800BF5} - C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\ipattnof.dat (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: CATLEvents Object - {FF4D5071-EE0E-4DCA-BC1C-D776B0F2276E} - C:\WINDOWS\TEMP\bacrc.dat
O4 - HKLM\..\Run: [*wavedvd] C:\WINDOWS\Tasks\wavedvd.exe
O4 - HKLM\..\Run: [*mp3] C:\WINDOWS\system\mp3.exe
O4 - HKLM\..\Run: [*regtcp] C:\WINDOWS\Web\regtcp.exe
O4 - HKLM\..\Run: [*uninet] C:\WINDOWS\msagent\uninet.exe
O4 - HKLM\..\Run: [*adnet] C:\WINDOWS\java\classes\adnet.exe
O4 - HKLM\..\Run: [*kbdisk] C:\WINDOWS\ServicePackFiles\kbdisk.exe
O4 - HKLM\..\Run: [*ipacc] C:\WINDOWS\ServicePackFiles\ipacc.exe
O4 - HKLM\..\Run: [*vssexp] C:\WINDOWS\msagent\chars\vssexp.exe
O4 - HKLM\..\Run: [*webjpeg] C:\WINDOWS\repair\webjpeg.exe
O4 - HKLM\..\Run: [*dvdimg] C:\WINDOWS\Fonts\dvdimg.exe
O4 - HKLM\..\Run: [*cmdras] C:\WINDOWS\system\cmdras.exe
O4 - HKLM\..\Run: [*vssvb] C:\WINDOWS\vssvb.exe
O4 - HKLM\..\Run: [*faxav] C:\WINDOWS\Tasks\faxav.exe
O4 - HKLM\..\Run: [*vssdrv] C:\WINDOWS\addins\vssdrv.exe
O4 - HKLM\..\Run: [*netplay] C:\WINDOWS\system\netplay.exe
O4 - HKLM\..\Run: [*antilib] C:\WINDOWS\Fonts\antilib.exe
O4 - HKLM\..\Run: [*fonttcp] C:\WINDOWS\system\fonttcp.exe
O4 - HKLM\..\Run: [*accdll] C:\WINDOWS\Driver Cache\accdll.exe
O4 - HKLM\..\Run: [*wmsad] C:\WINDOWS\ServicePackFiles\wmsad.exe
O4 - HKLM\..\Run: [*abrbin] C:\WINDOWS\repair\abrbin.exe
O4 - HKLM\..\Run: [*eulainet] C:\WINDOWS\addins\eulainet.exe
O4 - HKLM\..\Run: [*accodbc] C:\WINDOWS\Web\accodbc.exe
O4 - HKLM\..\Run: [*logwave] C:\WINDOWS\msagent\chars\logwave.exe
O4 - HKLM\..\Run: [*dlldoc] C:\WINDOWS\AppPatch\dlldoc.exe
O4 - HKLM\..\Run: [*eulacr] C:\WINDOWS\Config\eulacr.exe
O4 - HKLM\..\Run: [*vbacc] C:\WINDOWS\java\classes\vbacc.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...up1.0.0.8-2.cab
O20 - Winlogon Notify: ipcmd - C:\DOCUME~1\Peter\LOCALS~1\Temp\dmcpi.dat (file missing)
O20 - Winlogon Notify: playtapi - C:\DOCUME~1\Peter\LOCALS~1\Temp\ipatyalp.dat (file missing)
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
If you have not done so already, please enable the viewing of hidden files.
From Windows Explorer, go to Tools > Folder Options > View tab.
- Tick - Show hidden files and folders
- Untick - Hide file extensions for known types
- Untick - Hide protected operating system files
Click Yes to confirm & then click OK
Locate and delete the following files:
C:\WINDOWS\Tasks\wavedvd.exe
C:\WINDOWS\system\mp3.exe
C:\WINDOWS\Web\regtcp.exe
C:\WINDOWS\msagent\uninet.exe
C:\WINDOWS\java\classes\adnet.exe
C:\WINDOWS\ServicePackFiles\kbdisk.exe
C:\WINDOWS\ServicePackFiles\ipacc.exe
C:\WINDOWS\msagent\chars\vssexp.exe
C:\WINDOWS\repair\webjpeg.exe
C:\WINDOWS\Fonts\dvdimg.exe
C:\WINDOWS\system\cmdras.exe
C:\WINDOWS\vssvb.exe
C:\WINDOWS\Tasks\faxav.exe
C:\WINDOWS\addins\vssdrv.exe
C:\WINDOWS\system\netplay.exe
C:\WINDOWS\Fonts\antilib.exe
C:\WINDOWS\system\fonttcp.exe
C:\WINDOWS\Driver Cache\accdll.exe
C:\WINDOWS\ServicePackFiles\wmsad.exe
C:\WINDOWS\repair\abrbin.exe
C:\WINDOWS\addins\eulainet.exe
C:\WINDOWS\Web\accodbc.exe
C:\WINDOWS\msagent\chars\logwave.exe
C:\WINDOWS\AppPatch\dlldoc.exe
C:\WINDOWS\Config\eulacr.exe
C:\WINDOWS\java\classes\vbacc.exe
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Go to Start > Run and type cleanmgr (this starts Windows Disk Cleanup)
- Select Drive C: & click the 'OK' button
- Select the following options:
- Temporary Internet Files
- Recycle Bin
- Temporary Files
- Click the 'OK' button
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
After you have rebooted, please perform an online scan with Internet Explorer at one of the following sites:
Take note of the names and locations of any file it detects but fails to clean.
* Turn off the real time scanner of any existing antivirus program while performing the online scan
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Download Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button).
- Double-click the tmas-web-scan.exe icon
- It will say "Loading TrendMicro definitions".
- Click "Start Scan"
- After it's done scanning, click "Scan Results"
- Make sure all items found have a check next to them, then click "Clean Threats Now".
- Click Exit.
Reboot your computer. I then need you to repeat the same procedure above again... using the TrendMicro tool. I need the log from the second scan/clean... NOT the first... as this will contain what’
It would produce a log called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
In your next post, please include fresh logs from:
- HiJackThis
- Online scan
- Antispyware.log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now.
__________________
Question - what have you done for the community today?
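As an added illustration (not part of the original post and not HijackThis's own code), this Python triage script parses O4 Run lines in the format listed in the post and flags two traits those entries share: a value name starting with `*` and an executable stored in a Windows data folder. The `DATA_DIRS` list is an assumption, and the `ExampleTray` line in the sample is constructed.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: the first three O4 lines and the O2 line are copied from
# the post; the "ExampleTray" entry is made up as a benign-looking contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [*wavedvd] C:\WINDOWS\Tasks\wavedvd.exe
O4 - HKLM\..\Run: [*accdll] C:\WINDOWS\Driver Cache\accdll.exe
O4 - HKLM\..\Run: [*vssvb] C:\WINDOWS\vssvb.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O2 - BHO: (no name) - {446CF8A5-617E-4D91-95AE-AE78CE0D06AF} - (no file)
"""

# Assumption: Windows subfolders not expected to host autostart programs.
DATA_DIRS = {"tasks", "fonts", "repair", "web", "addins", "config", "apppatch",
             "msagent", "java", "servicepackfiles", "driver cache", "temp"}

# "O4 - HKLM\..\Run: [value name] command line"
O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$")
# Image path: quoted, or unquoted up to the first executable extension.
IMAGE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|scr|dll))(?=\s|$)', re.I)

def parse_o4(log):
    """Return (hive, key, value_name, image_path) for each O4 registry Run line."""
    entries = []
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # other sections (O1, O2, ...) are ignored
        hive, key, name, cmd = m.groups()
        img = IMAGE.match(cmd)
        path = (img.group(1) or img.group(2)) if img else cmd
        entries.append((hive, key, name, PureWindowsPath(path)))
    return entries

def reasons(name, path):
    """List the heuristics that an autostart entry trips."""
    out = []
    if name.startswith("*"):
        out.append("value name starts with '*'")
    parts = [p.lower() for p in path.parts]
    if len(parts) > 3 and parts[1] == "windows" and parts[2] in DATA_DIRS:
        out.append("autostart image in data folder " + path.parts[2])
    return out

def review(log):
    """Map each flagged image path to the reasons it was flagged."""
    return {str(p): r for _, _, n, p in parse_o4(log) if (r := reasons(n, p))}

if __name__ == "__main__":
    for path, why in review(SAMPLE_LOG).items():
        print(path, "->", "; ".join(why))
```

Running it over a fresh HijackThis log after the cleanup gives a quick check that none of the flagged autostart entries have come back.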