Hi and Welcome
It may help you if you print out or copy this page for easy reference. Make sure to work through the fixes in the exact order they are listed. These instructions only apply to HJT v1.99.1.
Please keep your browser and all open programs closed (except firewalls and antivirus) when you are carrying out the fixes.
Download any of the required programs before attempting to start any of the fixes.
Turn off System Restore instructions (WinXP)
Right-click My Computer | Properties | System Restore | check “Turn off System Restore”, <Apply>, <OK>. Reboot. When we have confirmed that your log file is clean, you may re-enable System Restore and create a new restore point.
SHOW HIDDEN FILES AND FOLDERS.
To show hidden files instructions (WinXP)
Double-click My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Apply to All Folders | Yes | Apply | OK
------------------------------------------------------------------
If you haven't already done so, download and run AboutBuster & CWShredder (check for updates) for a preliminary cleanup first. Some files below may not be present after running the above programs. Full instructions below.
How to install and run CWShredder
Download CWShredder
Choose the stand alone version. This is free.
Save cwshredder.exe into its own directory, NOT in a TEMPorary folder or on the DESKTOP.
I recommend, c:/program files/CWShredder/
Close all browsers
Unzip into same directory
Double-click CWSInstall.exe
Click <Check for updates> and let it install all updates
Click <Fix>
Click <Next>
Close CWShredder
----------------------------------------------------------------------
How to setup AboutBuster version 5
Download AboutBuster
Then unzip all files from the zip folder to a folder or your desktop. Start it and press the OK button. Then hit the update button and a new screen will appear. On that screen press the Check for Updates button.
To scan your machine, press the Start button and then press OK. The program should start scanning. When it is done, press the exit button and reboot. Once rebooted run About:Buster one more time.
This program is updated often so you should always use the built in update feature before you scan with it.
-------------------------------------------------------------------
Please download Ewido Security Suite
Install Ewido Security Suite.
When installing, under 'Additional Options' uncheck: "Install background guard" and "Install scan via context menu"
To open the main screen double click the icon on the desktop.
You will get a warning 'Database could not be found!' (only if no updates have first been installed). Click OK.
Update to the latest definition files. On the left of the main screen click Update. Then click on Start Update. Let it complete the updates.
Now Click on Scanner and Click on Complete System Scan and the scan will start.
During some scans it may find cases of false positives so you will need to step through the process of cleaning files one-by-one.
If a file is detected you KNOW to be legitimate, select None as the action. Do NOT select 'Perform action on all infections'
If you are unsure of any entry found play safe and select None as the action.
Press the button marked Save Report
Save the report .txt file to your desktop or somewhere you can find it. Post it back with your next HJT log.
----------------------------------------------------------------------
Go to Start/Run/ and type: regedit and OK. Then back up your Registry.
Navigate to this key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify and find "undvd.dll"
When you find it right click on "DllName" in the right of the panel and select "Modify" and delete "undvd.dll" from the window.
-----------------------------------------------------------------------
Files highlighted in BLACK will need to be removed from your hard drive.
Folders that have been highlighted RED will need to be uninstalled.
------------------------------------------------------------------
Please start by putting HJT in SAFE MODE. During reboot, tap the F8 key. Select Safe Mode and then run "Hijack This"
------------------------------------------------------------------
Uninstall the following programs (if they still exist). Go into HijackThis->Config->Misc.Tools->Open Uninstall manager
Messenger Plus! 3
winupdates
MyWay
-----------------------------------------------------------------
Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hdqqtkfydmaqwdnasek.net/...OLoI9VCx.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pphbfkosizbdoqrna.info//..._st6Zzi_cL0.cgi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.media-search.net/nph-...ok=stmpl1&find=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hhttp://search.media-search.net/nph-search.cgi?track=mssrc&look=stmpl1&find=
O2 - BHO: (no name) - {3D11565A-84A8-868D-439B-D754EBFE4308} - C:\DOCUME~1\Myself\APPLIC~1\Liesmess\wipeplatform.exe
O2 - BHO: (no name) - {66D2A3FC-1976-82D5-15A2-CCB22F2BDBC4} - C:\DOCUME~1\MiaMoran\APPLIC~1\Liesmess\batflap.exe
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\repair\undvd.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\7.bin\mwsoemon.exe
O4 - HKLM\..\Run: [HOLDSUPPORTDASHVGA] C:\Documents and Settings\All Users\Application Data\Jugs lies hold support\Find clock.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [Fastfirstsigndart] C:\Documents and Settings\All Users\Application Data\ante mpeg fast first\RectMode.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [bike axis] C:\DOCUME~1\MiaMoran\APPLIC~1\PLAYFO~1\Road Mail.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS
O20 - Winlogon Notify: undvd - C:\WINDOWS\repair\undvd.dll
------------------------------------------------------------------
Open Windows Explorer and delete the following highlighted file/s (or delete the whole (Red) folder if listed).
C:\WINDOWS\repair\undvd.dll
C:\Program Files\Messenger Plus! 3
C:\Program Files\winupdates
C:\PROGRAM FILES\MyWay
C:\Documents and Settings\All Users\Application Data\ante mpeg fast first\RectMode.exe
C:\Documents and Settings\All Users\Application Data\Jugs lies hold support\Find clock.exe
C:\DOCUME~1\MiaMoran\APPLIC~1\PLAYFO~1\Road Mail.exe
C:\DOCUME~1\MiaMoran\APPLIC~1\Liesmess\batflap.exe
C:\DOCUME~1\Myself\APPLIC~1\Liesmess\wipeplatform.exe
-------------------------------------------------------------------
Check that you have carried out all the above steps/fixes and then reboot into Normal Mode and download Cleanup. This will clean out your temporary files.
When finished, please post a new log.
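
As an added example (not part of the original post): a small Python parser for HijackThis fix-list lines like those above, grouping each on-disk file by the section codes that load it. It shows that undvd.dll is referenced by both an O2 (BHO) entry and an O20 (Winlogon Notify) entry. The function names and section descriptions are this example's own; the sample lines are copied from the fix list.

```python
import re
from collections import defaultdict

# HijackThis section codes used in the fix list, with a short description each.
SECTIONS = {
    "R0": "IE start/search page value",
    "R1": "IE search setting value",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "Run-key autostart",
    "O8": "IE context-menu item",
    "O20": "Winlogon Notify DLL",
}

LINE_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
# A drive-letter path ending in .exe or .dll, with an optional opening quote before it.
PATH_RE = re.compile(r'"?([A-Za-z]:\\.+?\.(?:exe|dll))', re.IGNORECASE)

def parse_entry(line):
    """Return (code, body, file_path_or_None) for one HJT line, or None if not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    p = PATH_RE.search(body)
    return code, body, p.group(1) if p else None

def files_by_mechanism(log_text):
    """Map each referenced file (lower-cased) to the set of section codes that load it."""
    out = defaultdict(set)
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry and entry[2]:
            out[entry[2].lower()].add(entry[0])
    return dict(out)

# Entries copied from the fix list in the post.
SAMPLE = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\repair\undvd.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O20 - Winlogon Notify: undvd - C:\WINDOWS\repair\undvd.dll
"""

if __name__ == "__main__":
    for path, codes in sorted(files_by_mechanism(SAMPLE).items()):
        print(path, "<-", ", ".join(f"{c} ({SECTIONS[c]})" for c in sorted(codes)))
```

A file that appears under more than one section code has more than one load point, so each entry has to be fixed before the file itself is deleted.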