Hello and Welcome to TSF!
Please subscribe to this thread to get immediate notification of fixes as soon as they are posted.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Please download these additional files/programs. Do not run them untill instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.
CleanUp! - Install.
KillBox v2.0.0.175.zip
LQfix.zip
Ewido Security Suite
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.
Download Lavasoft's Ad-Aware & it's recently updated plug-in - VX2 Cleaner
Install both using the default options & then update Ad-Aware with the latest definitions.
Click on Add-ons in the lefthand column & select - VX2 Cleaner V2.0
Click Run Tool >> "OK"
If something is found, click "Clean" as in the directions given.
Click "Close", and exit Ad-Aware.
'UNPLUG'/DISCONNECT YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING
This webpage would not be available when you're carrying out the fix. Please save the following instructions in Notepad. I have customed my instructions on the assumption that you are using Notepad. It may lead to some confusion should you choose to do otherwise.
If there's anything that you don't understand, kindly ask your questions before proceeding with the fixes. There should not be any opened browsers when you are carrying out the procedures below.
IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Launch KillBox.exe & select the following options:
* Click on the dropdown menu next to Full Path of File to Delete field.
* Verify that the filenames you pasted are found there
* Click the RED X button.
* Click Yes at the Delete on Reboot prompt.
* Click Yes at the 'Pending Operations prompt'.
Next, please reboot your computer in SafeMode by doing the following:
1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Uninstall the following programs, if present, using Control Panel->Add/Remove Programs:
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Double click on LQFix.zip & Run LQFix.bat
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Click Start->Run - type SERVICES.MSC & then click on the OK button
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Run a scan with HiJackThis & select/tick the following & click "Fix checked" :
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteugh32.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteidh32.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [Windows Update Manager] C:\WINDOWS\wuamgid.exe
O4 - HKLM\..\Run: [4k7Fhts1O] C:\WINDOWS\kkvbrq.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [Obbwhzv] C:\Program Files\Fyzc\Tttmzjf.exe
O4 - HKLM\..\Run: [MSN Messenger] msnmsgr.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\System32\canada.exe -N
O4 - HKLM\..\Run: [Gentle Windows Loader] win32twain.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [FireWire Service] nvscv32.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\canada.exe -N
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\RunServices: [MSN Messenger] msnmsgr.exe
O4 - HKLM\..\RunServices: [FireWire Service] nvscv32.exe
O4 - HKLM\..\RunServices: [Windows Update Manager] C:\WINDOWS\wuamgid.exe
O4 - HKLM\..\RunServices: [Gentle Windows Loader] win32twain.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab.
Locate and delete the following folders, if present:
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Run Cleanup! using the following configuration:
1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Launch Ad-Aware & click on the Start button
Select "Perform smart system scan" and click Next.
Once the scan finishes, click "Next" again. Select all objects found (right click anywhere in the list of found objects and click "Select All Objects"). Click "Next" one more time, then "OK" to confirm the removal.
You will be prompted to set Ad-Aware to run on reboot, click "OK".
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Run Ewido with it's updated definitions
...it's important that all windows must be closed)
** Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
REBOOT TO NORMAL MODE
As you reboot, Ad-Aware will start up
Click on "Start", then "Next". Follow the steps above if anything is found, or click "Finish", then exit Ad-Aware.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Perform an online scan with Internet Explorer with Panda ActiveScan
*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Download Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button).
In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
In your next post, please include fresh logs from:
Please subscribe to this thread to get immediate notification of fixes as soon as they are posted.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Please download these additional files/programs. Do not run them untill instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.
CleanUp! - Install.
KillBox v2.0.0.175.zip
LQfix.zip
Ewido Security Suite
- Install Ewido Security Suite
- When installing, under "Additional Options" uncheck..
- Install background guard
- Install scan via context menu
- Double-click the icon on Desktop to launch Ewido
- On the left hand side of the main screen click update.
- Then click on Start Update.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.
Download Lavasoft's Ad-Aware & it's recently updated plug-in - VX2 Cleaner
Install both using the default options & then update Ad-Aware with the latest definitions.
Click on Add-ons in the lefthand column & select - VX2 Cleaner V2.0
Click Run Tool >> "OK"
If something is found, click "Clean" as in the directions given.
Click "Close", and exit Ad-Aware.
'UNPLUG'/DISCONNECT YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING
This webpage would not be available when you're carrying out the fix. Please save the following instructions in Notepad. I have customed my instructions on the assumption that you are using Notepad. It may lead to some confusion should you choose to do otherwise.
If there's anything that you don't understand, kindly ask your questions before proceeding with the fixes. There should not be any opened browsers when you are carrying out the procedures below.
IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Launch KillBox.exe & select the following options:
- delete on Reboot
- end Explorer shell while killing file
- unregister dlll before deleting * if it's not grayed out
- C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\windows\system32\eliteugh32.exe
C:\windows\system32\eliteidh32.exe
C:\WINDOWS\wuamgid.exe
C:\WINDOWS\kkvbrq.exe
C:\WINDOWS\System32\msnmsgr.exe
C:\WINDOWS\System32\canada.exe
C:\WINDOWS\System32\gah95on6.exe
* Click on the dropdown menu next to Full Path of File to Delete field.
* Verify that the filenames you pasted are found there
* Click the RED X button.
* Click Yes at the Delete on Reboot prompt.
* Click Yes at the 'Pending Operations prompt'.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Next, please reboot your computer in SafeMode by doing the following:
1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Uninstall the following programs, if present, using Control Panel->Add/Remove Programs:
- Elite Toolbar
Elite SideBar
Toolbar - My toolbar
Media Access
ISTSvc
WinTools
180Solutions
Internet Optimizer
altnet
SideFind
TBPS
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Double click on LQFix.zip & Run LQFix.bat
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Click Start->Run - type SERVICES.MSC & then click on the OK button
- Locate the service - WebSeach Toolbar support NT service (TBPSSvc)
- Double-click on it to open the Properties dialog.
- Stop the service by using the Stop button.
- Change the Startup type to Disabled & then click on the OK button
- In the popup box that appears, type in TBPSSvc & then click on the OK button
- WinTools for IE service (WinToolsSvc)
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Run a scan with HiJackThis & select/tick the following & click "Fix checked" :
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteugh32.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteidh32.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [Windows Update Manager] C:\WINDOWS\wuamgid.exe
O4 - HKLM\..\Run: [4k7Fhts1O] C:\WINDOWS\kkvbrq.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [Obbwhzv] C:\Program Files\Fyzc\Tttmzjf.exe
O4 - HKLM\..\Run: [MSN Messenger] msnmsgr.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\System32\canada.exe -N
O4 - HKLM\..\Run: [Gentle Windows Loader] win32twain.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [FireWire Service] nvscv32.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\canada.exe -N
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\RunServices: [MSN Messenger] msnmsgr.exe
O4 - HKLM\..\RunServices: [FireWire Service] nvscv32.exe
O4 - HKLM\..\RunServices: [Windows Update Manager] C:\WINDOWS\wuamgid.exe
O4 - HKLM\..\RunServices: [Gentle Windows Loader] win32twain.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab.
- Tick - Show hidden files and folder
- Untick - Hide file extensions for known types
- Untick - Hide protected operating system files
Locate and delete the following folders, if present:
- C:\Program Files\SideFind\
c:\program files\Toolbar\
C:\Program Files\Common Files\WinTools\
C:\WINDOWS\EliteToolBar\
C:\WINDOWS\EliteSideBar\
C:\Program Files\Media Access\
C:\Program Files\ISTsvc\
C:\Program Files\Fyzc\
C:\Program Files\Internet Optimizer\
c:\program files\altnet\
- win32twain.exe
nvscv32.exe
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Run Cleanup! using the following configuration:
1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
- Delete Newsgroup cache
[*]Delete Newsgroup Subscriptions
[*]Scan local drives for temporary files
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Launch Ad-Aware & click on the Start button
Select "Perform smart system scan" and click Next.
Once the scan finishes, click "Next" again. Select all objects found (right click anywhere in the list of found objects and click "Select All Objects"). Click "Next" one more time, then "OK" to confirm the removal.
You will be prompted to set Ad-Aware to run on reboot, click "OK".
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Run Ewido with it's updated definitions
...it's important that all windows must be closed) - Click Scanner
- Click Complete System Scan to begin scanning.
- Click OK when prompted to clean files
- "Perform action on all infections"
- .Choose clean and click OK.
** Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
REBOOT TO NORMAL MODE
As you reboot, Ad-Aware will start up
Click on "Start", then "Next". Follow the steps above if anything is found, or click "Finish", then exit Ad-Aware.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Perform an online scan with Internet Explorer with Panda ActiveScan
- Click [Scan your PC] & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
- Click [Scan Now]
- Enter your e-mail address & click [Scan Now] ...begins downloading 8 MB Panda's ActiveX controls
- If it finds any malware, it will offer you a report.
- Click on see report. Then click Save report
*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Download Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button).
- Double-click the tmas-web-scan.exe icon
- It will say "Loading TrendMicro definitions".
- Click "Start Scan"
- Make sure all items found have a check next to them, then click "Clean Threats Now".
- Click Exit.
In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
In your next post, please include fresh logs from:
- HiJackThis log
[*] Online Scan
[*] Ewido
[*] TrendMicro's AntiSpyware log
