Hi and Welcome to TSF!
Please subscribe to this thread to be notified of fixes as soon as they are posted by our Team. To do this, please click the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".
Save the next instructions in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then. You should not have any browsers on.
If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are carrying out the procedures below.
It is also important you don't miss a step and perform everything in the right order!!. .
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Please download these additional files/programs. Do not run them unless instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.
Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
Unplug your computer from the Internet when you have finished downloading
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
I notice that you have two anti-virus programs on your machine. That's not a good idea!! :4-thatsba
Alike firewalls, anti-virus programs have conflicts co-existing with each other & may produce undesirable results. Please uninstall one of them.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
REBOOT TO SAFE MODE
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Enable the viewing of Hidden files
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Run a scan with HiJackThis & select(tick) the following & click [Fix checked] :
O4 - HKLM\..\Run: [usbn] C:\WINNT\system32\usbn.exe -go -c7 -w1
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O20 - Winlogon Notify: iexplore - mlY4f.dll (file missing)
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINNT\System32\vbsys2.dll
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Locate and delete the following file(s), if present:
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
REBOOT TO NORMAL MODE
Do an online scan at one of the following sites:
Take note the names and locations of any file it detects but fails to clean.
* Turn off the real time scanner of any existing antivirus program while performing the online scan
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
In your next post, please include fresh logs from:
Please subscribe to this thread to be notified of fixes as soon as they are posted by our Team. To do this, please click the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".
Save the next instructions in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then. You should not have any browsers on.
If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are carrying out the procedures below.
It is also important you don't miss a step and perform everything in the right order!!. .
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Please download these additional files/programs. Do not run them unless instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.
Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
- Save it to your desktop.
- Double-click the new icon on your desktop (tmas-web-scan.exe)
- It will say "Loading TrendMicro definitions".
- Once the definitions are loaded, the program will appear to close then re-open.
- Click "Start Scan"
- After it's done scanning, click "Scan Results"
- Make sure all items found have a check next to them, then click "Clean Threats Now".
- Click Exit.
Unplug your computer from the Internet when you have finished downloading
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
- Open Spybot Search & Destroy.
- In the Mode menu click "Advanced mode" if not already selected.
- Choose [Yes] at the Warning prompt.
- Expand the [Tools] menu.
- Click [Resident].
- Uncheck the Resident "TeaTimer" (Protection of overall system settings) active. box.
- In the File menu click [Exit] to exit Spybot Search & Destroy.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
I notice that you have two anti-virus programs on your machine. That's not a good idea!! :4-thatsba
Alike firewalls, anti-virus programs have conflicts co-existing with each other & may produce undesirable results. Please uninstall one of them.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
REBOOT TO SAFE MODE
- Restart the computer. The computer begins processing a set of instructions known as BIOS.
- As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard.
- Continue to do so until the 'Windows Advanced Options' menu appears.
- Using the arrow keys on the keyboard, scroll to and select the menu item - Safe Mode.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Enable the viewing of Hidden files
- From Windows Explorer, go to Tools>Folder Options>View tab.
- Enable the option for `Show hidden files and folder´
- Disable the option for `Hide file extensions for known types´
- Disable the option for `Hide protected operating system files´
- Click Yes to confirm & then click OK
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Run a scan with HiJackThis & select(tick) the following & click [Fix checked] :
O4 - HKLM\..\Run: [usbn] C:\WINNT\system32\usbn.exe -go -c7 -w1
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O20 - Winlogon Notify: iexplore - mlY4f.dll (file missing)
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINNT\System32\vbsys2.dll
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Locate and delete the following file(s), if present:
- C:\WINNT\system32\usbn.exe
C:\WINNT\System32\vbsys2.dll
- mlY4f.dll
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
REBOOT TO NORMAL MODE
Do an online scan at one of the following sites:
Take note the names and locations of any file it detects but fails to clean.
* Turn off the real time scanner of any existing antivirus program while performing the online scan
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
In your next post, please include fresh logs from:
- HiJackThis
- Online scan
