Hi LeeSkye,
I’m sorry for my late reply. I’ve been having problems with my Internet connection lately.
Somehow, the Vundo infection got nuked. Good thing, even if there is no VundoFix report.
OK, here’s what we do next. Please run
HijackThis and click "
Scan". Place a check (tick) next to the following entries (if present):
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {C0E4CE10-B098-4A21-9B55-9B08B9DDD6A0} - C:\WINDOWS\system32\appt47.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O20 - Winlogon Notify: appt47 - appt47.dll (file missing)
If you did not set these websites into your IE Trusted Zone, then place a check by these entries as well:
O15 - Trusted Zone: http://www.1shoppingcart.com
O15 - Trusted Zone: http://www.angelfire.com
O15 - Trusted Zone: http://www.bestbirdwatchingbinoculars.com
O15 - Trusted Zone: http://*.clickbank.com
O15 - Trusted Zone: http://www.ebookstoriches.com
O15 - Trusted Zone: http://www.linkmetro.com
O15 - Trusted Zone: http://www.msn.com
O15 - Trusted Zone: http://www.sassyenterprises.com
O15 - Trusted Zone: http://community.sigames.com
O15 - Trusted Zone: http://www.xsitepro.com
O15 - Trusted Zone: http://www.youradcopy.com
Close
ALL programs and browsers (including this one), leaving
ONLY HijackThis open, then click "
Fix checked".
Then please exit HijackThis.
NEXT:
Please go to
Start -> Search -> All files and folders.
In the
More advanced options section, please check
Search hidden files and folders.
Then please search for the following files, and if found please delete them:
ALCMTR.EXE
NEXT:
Please download
CCleaner (freeware) and save it to your desktop:
- Run the CCleaner installer.
- During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
- Once installed, run CCleaner and click the Windows tab.
- Select the following:
- Check everything under the Internet Explorer section.
- Check everything under the Windows Explorer section.
- Check everything under the System section.
- Check ONLY Old Prefetch data under the Advanced section.
- Next, click the Options icon, then click the Advanced button:
- UNCHECK : "Only delete files in Windows Temp folders older than 48 hours", click OK.
- Next, click the Cleaner icon, then click the Run Cleaner button (bottom right), then Exit.
NOTE : Please do
NOT use the
Applications tab or the
Issues icon. Keep to the
Cleaner icon and the
Windows tab.
NEXT:
Let's run an online scan to make sure we're not leaving anything behind.
Please do an online scan with
Kaspersky Online Scanner- Click on Kaspersky Online Scanner.
- You will be prompted to install an ActiveX component from Kaspersky, click Yes.
- The program will launch and then begin downloading the latest definition files.
- Once the files have been downloaded click on Next.
- Now click on Scan Settings.
- In the scan settings make sure that the following are selected:
- Scan using the following Anti-Virus database:
Extended
- Scan Options:
Scan Archives
Scan Mail Bases
- Click OK.
- Now under select a target to scan:
- This program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save Report As button.
- In the File name: field, type kavscan.
- In the Save as type: field, select Text file (*.txt).
- Save the file to your desktop.
- Copy and paste that information in your next post.
NEXT:
Please
reboot your computer normally into Windows, and then please post the
log from the Kaspersky scan and a new
HijackThis log.
How are things running now?