Status
Not open for further replies.
1 - 4 of 4 Posts

·
Registered
Joined
·
2 Posts
I get this error message when entering my account. I have run Hijack this and need to know what to do next. The scan results are attached. Thanks in advance for your help.

[Mod note]: Please do not attach your HijackThis logs to post.

Logfile of HijackThis v1.99.1
Scan saved at 3:58:40 PM, on 2005-10-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust\Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust\Antivirus\InoRT.exe
C:\Program Files\CA\eTrust\Antivirus\InoTask.exe
c:\em\opt\tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE
C:\WINDOWS\LogWatNT.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\Winampa.exe
C:\PROGRA~1\CA\eTrust\ANTIVI~1\realmon.exe
C:\Program Files\Ahead\InCD\InCD.exe
c:\EM\OPT\TIVOLI\Mobile\mobile.exe
C:\PROGRA~1\ZONELA~1\INTEGR~1\iclient.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp= ;gopher= ;http= ;https=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.google.ca/"); (C:\Documents and Settings\Ian Gilson\Application Data\Mozilla\Profiles\default\mi22jwlj.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Ian Gilson\Application Data\Mozilla\Profiles\default\mi22jwlj.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {144D9790-0971-05DB-7C96-0695C9A289EA} - C:\WINDOWS\system32\brthf.dll (file missing)
O2 - BHO: (no name) - {18FC6175-E141-5BCC-8706-605509F1734F} - C:\WINDOWS\System32\qcgvnd.dll (file missing)
O2 - BHO: (no name) - {1AAD6F73-B042-5F98-DD06-605509F1731F} - C:\WINDOWS\System32\qozn.dll (file missing)
O2 - BHO: (no name) - {35999B6C-0A8C-5525-84FE-554044E9FCE9} - C:\WINDOWS\system32\trpxj.dll (file missing)
O2 - BHO: (no name) - {4EF93222-E04C-0B99-8006-605509F17345} - C:\WINDOWS\System32\vfmqtd.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AD040C4A-CDA5-9851-FA5F-CAC9DCC13CE9} - C:\WINDOWS\system32\rgea.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\eTrust\ANTIVI~1\realmon.exe
O4 - HKLM\..\Run: [SwdisUsrPCN.home-43dtps5dub] "c:\em\opt\tivoli\lcf\dat\1\cache\lib\w32-ix86\wdusrpcn.exe" "c:\em\opt\tivoli\swdis\1\wdusrpcn.env"
O4 - HKLM\..\Run: [HWINV2K] C:\Em\Bin\Tivoli_EM\HwInv2K.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Mobile] c:\EM\OPT\TIVOLI\Mobile\epspawn.exe -w c:\EM\OPT\TIVOLI\Mobile c:\EM\OPT\TIVOLI\Mobile\mobile.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SwdisUsrPCN.qw2rz5zz001] "c:\em\opt\tivoli\lcf\dat\1\cache\lib\w32-ix86\wdusrpcn.exe" "c:\em\opt\tivoli\swdis\2\wdusrpcn.env"
O4 - HKLM\..\Run: [Micr Update] soundblaster.exe
O4 - HKLM\..\Run: [WindowsRegKey update] svchostc.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\PROGRA~1\ZONELA~1\INTEGR~1\iclient.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Java Update] weatherBug32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [DBmaVs] C:\documents and settings\carolyn gilson\local settings\temp\DBmaVs.exe
O4 - HKLM\..\Run: [sBAy] C:\documents and settings\carolyn gilson\local settings\temp\sBAy.exe
O4 - HKLM\..\Run: [K3VH5x] C:\documents and settings\carolyn gilson\local settings\temp\K3VH5x.exe
O4 - HKLM\..\Run: [DQpcJPS] C:\documents and settings\marissa gilson\local settings\temp\DQpcJPS.exe
O4 - HKLM\..\Run: [CtC956C] C:\documents and settings\marissa gilson\local settings\temp\CtC956C.exe
O4 - HKLM\..\Run: [bn] C:\documents and settings\marissa gilson\local settings\temp\bn.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\RunServices: [Micr Update] soundblaster.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] svchostc.exe
O4 - HKLM\..\RunServices: [Windows Java Update] weatherBug32.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Micr Update] soundblaster.exe
O4 - HKCU\..\Run: [WindowsRegKey update] svchostc.exe
O4 - HKCU\..\Run: [Windows Java Update] weatherBug32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Occr] C:\Documents and Settings\Ian Gilson\Application Data\eabs.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.ext.piv.solutioncentres.us.eds.com
O15 - Trusted Zone: http://www.mo.piv.solutioncentres.us.eds.com
O15 - Trusted Zone: http://www.piv.solutioncentres.us.eds.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://www.piv.solutioncentres.us.eds.com//InVision5/cabs/ComDlg32.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} (MCSiMenuCtl Class) - http://www.piv.solutioncentres.us.eds.com//InVision5/cabs/mcsimenu.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwoc.ops.placeware.com/etc/place/OSCAR/SCOpws-c1/5.1.7.413/lib/quicksilver.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {87A7D186-27E6-11D3-A4CB-00C04F72C232} (SAGraphicView Control) - http://www.gsms-ea.eds.com/gsmsps/Appl/sagraphicview.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {A7A61125-0EAA-11D1-B22F-0000C08C00C4} (SSDBGrid Control 3.1 - A) - http://www.piv.solutioncentres.us.eds.com/InVision5/cabs/ssdw3b32.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {CC93F0F5-9259-4642-94EC-FA5BBBC6981E} (BltPrinter.PrintControl) - http://www.gsms-ea.eds.com/gsmsps/Appl/BltPrinter.CAB
O16 - DPF: {D76D712E-4A96-11D3-BD95-D296DC2DD072} :)-) VideoSoft FlexGrid 7.0 (OLEDB)) - http://www.piv.solutioncentres.us.eds.com//InVision5/cabs/Vsflex7.cab
O16 - DPF: {E8671A88-E5DD-11CD-836C-0000C0C14E92} (SSMonth Control) - http://www.piv.solutioncentres.us.eds.com//InVision5/cabs/sscala32.cab
O16 - DPF: {F0FCC76D-767E-4759-A447-62289CA775AA} (Coreport SSO Client) - http://client.dbm.com/v51/ie/controls/CoreportSsoClient.cab
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoTask.exe
O23 - Service: Tivoli Endpoint (lcfd) - Unknown owner - c:\em\opt\tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 


·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
Hello and Welcome to TSF!

Please subscribe to this thread to get immediate notification of fixes as soon as they are posted.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Please download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

CleanUp! - Install.

Ewido Security Suite
  • Install Ewido Security Suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
  • On the left hand side of the main screen click update.
  • Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.


'UNPLUG'/DISCONNECT YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING


This webpage would not be available when you're carrying out the fix. Please save the following instructions in Notepad. I have customized my instructions on the assumption that you are using Notepad. It may lead to some confusion should you choose to do otherwise.

If there's anything that you don't understand, kindly ask your questions before proceeding with the fixes. There should not be any opened browsers when you are carrying out the procedures below.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


With HiJackThis, place a check next to these items and select "Fix checked":

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp= ;gopher= ;http= ;https=
O2 - BHO: (no name) - {144D9790-0971-05DB-7C96-0695C9A289EA} - C:\WINDOWS\system32\brthf.dll (file missing)
O2 - BHO: (no name) - {18FC6175-E141-5BCC-8706-605509F1734F} - C:\WINDOWS\System32\qcgvnd.dll (file missing)
O2 - BHO: (no name) - {1AAD6F73-B042-5F98-DD06-605509F1731F} - C:\WINDOWS\System32\qozn.dll (file missing)
O2 - BHO: (no name) - {35999B6C-0A8C-5525-84FE-554044E9FCE9} - C:\WINDOWS\system32\trpxj.dll (file missing)
O2 - BHO: (no name) - {4EF93222-E04C-0B99-8006-605509F17345} - C:\WINDOWS\System32\vfmqtd.dll (file missing)
O2 - BHO: (no name) - {AD040C4A-CDA5-9851-FA5F-CAC9DCC13CE9} - C:\WINDOWS\system32\rgea.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Micr Update] soundblaster.exe
O4 - HKLM\..\Run: [WindowsRegKey update] svchostc.exe
O4 - HKLM\..\Run: [Windows Java Update] weatherBug32.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [DBmaVs] C:\documents and settings\carolyn gilson\local settings\temp\DBmaVs.exe
O4 - HKLM\..\Run: [sBAy] C:\documents and settings\carolyn gilson\local settings\temp\sBAy.exe
O4 - HKLM\..\Run: [K3VH5x] C:\documents and settings\carolyn gilson\local settings\temp\K3VH5x.exe
O4 - HKLM\..\Run: [DQpcJPS] C:\documents and settings\marissa gilson\local settings\temp\DQpcJPS.exe
O4 - HKLM\..\Run: [CtC956C] C:\documents and settings\marissa gilson\local settings\temp\CtC956C.exe
O4 - HKLM\..\Run: [bn] C:\documents and settings\marissa gilson\local settings\temp\bn.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\RunServices: [Micr Update] soundblaster.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] svchostc.exe
O4 - HKLM\..\RunServices: [Windows Java Update] weatherBug32.exe
O4 - HKCU\..\Run: [Micr Update] soundblaster.exe
O4 - HKCU\..\Run: [WindowsRegKey update] svchostc.exe
O4 - HKCU\..\Run: [Windows Java Update] weatherBug32.exe
O4 - HKCU\..\Run: [Occr] C:\Documents and Settings\Ian Gilson\Application Data\eabs.exe



* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Next, please reboot your computer in SafeMode by doing the following:

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Uninstall the following programs, if present, using Control Panel->Add/Remove Programs:
  • Kazaa

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab.
  • Tick - Show hidden files and folder
  • Untick - Hide file extensions for known types
  • Untick - Hide protected operating system files
Click Yes to confirm & then click OK

Locate and delete the following folders, if present:
  • C:\WINDOWS\System32\P2P Networking\
Locate and delete the following files:
  • C:\WINDOWS\system32\brthf.dll
  • C:\WINDOWS\System32\qcgvnd.dll
  • C:\WINDOWS\System32\qozn.dll
  • C:\WINDOWS\system32\trpxj.dll
  • C:\WINDOWS\System32\vfmqtd.dll
  • C:\WINDOWS\system32\rgea.dll
  • C:\WINDOWS\System32\soundblaster.exe
  • C:\WINDOWS\System32\svchostc.exe
  • C:\WINDOWS\System32\weatherBug32.exe
  • C:\WINDOWS\System32\E6F1873B.DLL
  • C:\WINDOWS\System32\D0CE0C16B1.dll
  • C:\Documents and Settings\Ian Gilson\Application Data\eabs.exe

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Run Ewido with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click Complete System Scan to begin scanning.
  • Click OK when prompted to clean files
With the first file it prompts to clean, select the option:
  • "Perform action on all infections"
  • Choose clean and click OK.
Once finished, click the Save report button & save the report to your desktop

** Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


REBOOT TO NORMAL MODE


Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report
Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan



* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Download Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button).
  • Double-click the tmas-web-scan.exe icon
  • It will say "Loading TrendMicro definitions".
  • Click "Start Scan"
After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. I then need you to repeat the same procedure above again... using the TrendMicro tool. I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system.

It would produce a log called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


In your next post, please include fresh logs from:
  • HiJackThis log
  • Online Scan
  • Ewido
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
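
A triage sketch for logs like the one in this thread, added here as an example; it is not part of the original posts and not a HijackThis feature. It parses O2/O3/O4 lines and tags the patterns that recur in the fix list above; the four rules and their tag names are assumptions chosen for illustration and produce leads to investigate, not verdicts.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {144D9790-0971-05DB-7C96-0695C9A289EA} - C:\WINDOWS\system32\brthf.dll (file missing)
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Micr Update] soundblaster.exe
O4 - HKLM\..\RunServices: [Micr Update] soundblaster.exe
O4 - HKCU\..\Run: [Micr Update] soundblaster.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [bn] C:\documents and settings\marissa gilson\local settings\temp\bn.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

# O2 (BHO) and O3 (toolbar): "<name> - {CLSID} - <file>"
O23_RE = re.compile(
    r"^O[23] - (?:BHO|Toolbar): .*? - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
# O4 registry autoruns: "<key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def triage(log_text):
    """Return {log line: sorted reason tags} for entries worth a closer look."""
    findings = defaultdict(set)
    keys_seen = defaultdict(set)    # (value name, command) -> autorun keys
    lines_seen = defaultdict(list)  # (value name, command) -> log lines
    for line in log_text.splitlines():
        line = line.strip()
        m = O23_RE.match(line)
        if m:
            # Registration survives but the DLL is gone from disk.
            if m["path"].endswith("(file missing)") or m["path"] == "(no file)":
                findings[line].add("orphaned-object")
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        cmd = m["cmd"].lower()
        if "\\temp\\" in cmd:
            findings[line].add("runs-from-temp")
        if cmd.startswith("rundll32.exe "):
            dll = cmd.split(None, 1)[1].split(",")[0]
            if "\\" not in dll:  # DLL named without a directory
                findings[line].add("rundll32-bare-dll")
        ident = (m["name"].lower(), cmd)
        keys_seen[ident].add(m["key"].lower())
        lines_seen[ident].append(line)
    # The same value name and command planted under several autorun keys.
    for ident, keys in keys_seen.items():
        if len(keys) > 1:
            for line in lines_seen[ident]:
                findings[line].add("multi-key-persistence")
    return {line: sorted(tags) for line, tags in findings.items()}


if __name__ == "__main__":
    for entry, tags in triage(SAMPLE_LOG).items():
        print(", ".join(tags), "|", entry)
```

The multi-key rule is what separates `soundblaster.exe` (registered under three autorun keys) from `SOUNDMAN.EXE`, which is also a bare filename but appears under only one key and is not in the fix list.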
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
We may have solved the E6F1873B.DLL error but there may still be malware in your computer. Could we have a look at the logs requested?
 