Tech Support Forum - View Single Post

Ried · 05-22-2007, 10:07 AM

What happened to your Avast AV? It was there in your first set of logs, but I no longer see it on your system.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

***************************************************

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)

Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Please ensure Hidden files and folders are viewable:

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
*Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

--------------------------------------------------------------------

Using 'My Computer', navigate to and delete the following Files and Folder if they still exist.

C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\chrome\whenu_ff.jar
C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\whenu_ff.dll
C:\QooBox
C:\Program Files\Common Files\?dobe <--The ? can be any character

--------------------------------------------------------------------

The remaining finds by Panda were also detected by AVG A-S and are still there because 'No Action' was taken when you previously ran AVG A-S. Please check your settings and run it again:

Launch AVG A-S

On the main screen select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
- Select "Automatically generate report after every scan"
- Un-Select "Only if threats were found"

Now run the scan:

Click Scanner
Click on the Scan tab
Click Complete System Scan to begin scanning.
Once the scan is complete do the following:
If you have any infections you will prompted, **Please ensure it is set to Quarantine then select "Apply all actions"
Once finished, click the Save report button, then click Save Report As and save it to your desktop.

--------------------------------------------------------------------

Reboot into Normal Mode.

--------------------------------------------------------------------

If you are in need of an AV, here are 2 very good free Antivirus products which are available:

Select one of these, or another of your choice. Download, install, update definitions, and run a full system scan.

--------------------------------------------------------------------

Run another online scan at Panda and save the results.

--------------------------------------------------------------------

Run a scan with dss.exe

--------------------------------------------------------------------

Please include the following in your next reply:

AVG A-S results
Panda results
main.txt

05-22-2007, 10:07 AM	#24 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,987 OS: WinXP and Vista	Re: HijackThis log (Please check ASAP) What happened to your Avast AV? It was there in your first set of logs, but I no longer see it on your system. Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. ************************************************* Please reboot your computer in Safe Mode by doing the following: 1) Restart your computer 2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8. 3) Instead of Windows loading as normal, a menu should appear 4) Use the up arrow key to highlight Safe Mode and press Enter. 5) Login with your usual account. Make sure to close any open browsers. -------------------------------------------------------------------- Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing) Click 'Fix Checked' and close HijackThis. -------------------------------------------------------------------- Please ensure Hidden files and folders are viewable: Go to My Computer->Tools->Folder Options->View** tab: * Under the Hidden files and folders heading: * select Show hidden files and folders. * Uncheck Hide protected operating system files (recommended) option. Also, make sure there is no checkmark beside Hide file extensions for known file types. Click OK. -------------------------------------------------------------------- Using 'My Computer', navigate to and delete the following Files and Folder if they still exist. C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\chrome\whenu_ff.jar C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\whenu_ff.dll C:\QooBox C:\Program Files\Common Files\?dobe <--The ? can be any character -------------------------------------------------------------------- The remaining finds by Panda were also detected by AVG A-S and are still there because 'No Action' was taken when you previously ran AVG A-S. Please check your settings and run it again: Launch AVG A-S On the main screen select the "Scanner" icon at the top of the screen, then select the "Settings" tab. Once in the Settings screen click on "Recommended actions" and then select "Quarantine". Under "Reports" Select "Automatically generate report after every scan" Un-Select "Only if threats were found" Now run the scan: Click Scanner Click on the Scan tab Click Complete System Scan to begin scanning. Once the scan is complete do the following: If you have any infections you will prompted, Please ensure it is set to Quarantine then select "Apply all actions" Once finished, click the Save report button, then click Save Report As and save it to your desktop. -------------------------------------------------------------------- Reboot into Normal Mode. -------------------------------------------------------------------- If you are in need of an AV, here are 2 very good free Antivirus products which are available: Avast! AVG** Select one of these, or another of your choice. Download, install, update definitions, and run a full system scan. -------------------------------------------------------------------- Run another online scan at Panda and save the results. -------------------------------------------------------------------- Run a scan with dss.exe -------------------------------------------------------------------- Please include the following in your next reply: AVG A-S results Panda results main.txt __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."