Hello and Welcome to TSF!
Please subscribe to this thread to get immediate notification of fixes as soon as they are posted.
You do not appear to have an anti-virus application installed on this machine. Let's start off by getting you a free but yet effective antivirus program. Please choose one from any of these 3 programs which are free for home use:
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Please create a new directory - C:\PROGRAM FILES\HIJACKTHIS\
Re-locate your HijackThis files to the new directory
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Please download these additional files/programs. Do not run them unless instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.
Download smitRem.zip - Right click on the file and extract it to it's own folder .
Download & Install CleanUp!
Host.zip - Extract the file & overwrite the existing copy located at C:\WINDOWS\host
DelO15Domains.inf - Right click & choose "Save As..." DelO15Domains.inf.
Right click on DelO15Domains.inf and choose Install. It will run immediately (you won't be able to see anything happen).
Wininet.dll
If you have not already installed Ad-Aware SE 1.06, download and update Ad-Aware SE Setup. Don't run it yet!
'UNPLUG'/DISCONNECT YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING
This webpage would not be available when you're carrying out the fix. Please save the following instructions in Notepad. I have customed my instructions on the assumption that you are using Notepad. It may lead to some confusion should you choose to do otherwise.
If there's anything that you don't understand, kindly ask your questions before proceeding with the fixes. There should not be any opened browsers when you are carrying out the procedures below.
IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Next, reboot your computer in SafeMode :
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
From Control Panel->Add/Remove Programs, uninstall the following programs, if present, :
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
CLOSE ALL OTHER PROGRAMS & ALL OPENED WINDOWS
Run a scan with HiJackThis & select/tick the following & click "Fix checked" :
R3 - Default URLSearchHook is missing
O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - C:\PROGRAM FILES\CLEARSEARCH\IE_CLRSCH.DLL (file missing)
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\SYSTEM\ZOLKER010.DLL
O4 - HKLM\..\Run: [System] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\Run: [Explorer32] C:\WINDOWS\SYSTEM\explorer6s4.exe
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\SYSTEM\SVCHOST.EXE /s
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\RunServices: [Shell] Explorer.exe C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\RunServices: [Explorer64] C:\WINDOWS\SYSTEM\explorer6s4.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\SYSTEM\sysvcs.exe
O4 - HKCU\..\Run: [SNInstall] C:\WINDOWS\SYSTEM\VXH8JKDQ2.EXE
O4 - HKCU\..\Run: [SpySheriff] C:\PROGRAM FILES\SPYSHERIFF\SpySheriff.exe
O4 - HKCU\..\RunServices: [aupd] C:\WINDOWS\SYSTEM\sysvcs.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O21 - SSODL: DDE - {F33812FB-F35C-4674-90F6-FD757C419C51} - C:\WINDOWS\SYSTEM\birdihuy32.dll
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab.
Locate and delete the following folders, if present:
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Run Cleanup! using the following configuration:
1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
Next go to Control Panel click Display>Desktop>Customize Desktop>Website>Uncheck "Security Info" if present.
Remove the check by "View my Active desktop as a web page".
Click OK then Apply and OK.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Open Ad-aware and close ALL other windows.
1. Click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window:
3. Click Start
4. Choose - Perform Full System Scan
5. DeSelect "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.
6. Click Next and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.
7. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window
8. Right-click on the list and choose Select All
9. Click Next to finish removing the items that were found
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
In your next post, please include fresh copies of:
Please provide details of any problems you encountered whilst performing the above steps.
Let us know if any problems persist.
** In the event that you're unable to run Internet Explorer after this, please copy the the downloaded wininet.dll to this directory - C:\Windows\System\
Only do this if you're unable to start IE
Please subscribe to this thread to get immediate notification of fixes as soon as they are posted.
You do not appear to have an anti-virus application installed on this machine. Let's start off by getting you a free but yet effective antivirus program. Please choose one from any of these 3 programs which are free for home use:
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Please create a new directory - C:\PROGRAM FILES\HIJACKTHIS\
Re-locate your HijackThis files to the new directory
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Please download these additional files/programs. Do not run them unless instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.
Download smitRem.zip - Right click on the file and extract it to it's own folder .
Download & Install CleanUp!
Host.zip - Extract the file & overwrite the existing copy located at C:\WINDOWS\host
DelO15Domains.inf - Right click & choose "Save As..." DelO15Domains.inf.
Right click on DelO15Domains.inf and choose Install. It will run immediately (you won't be able to see anything happen).
Wininet.dll
If you have not already installed Ad-Aware SE 1.06, download and update Ad-Aware SE Setup. Don't run it yet!
'UNPLUG'/DISCONNECT YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING
This webpage would not be available when you're carrying out the fix. Please save the following instructions in Notepad. I have customed my instructions on the assumption that you are using Notepad. It may lead to some confusion should you choose to do otherwise.
If there's anything that you don't understand, kindly ask your questions before proceeding with the fixes. There should not be any opened browsers when you are carrying out the procedures below.
IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Next, reboot your computer in SafeMode :
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear
- Select the first option, to run Windows in Safe Mode.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
From Control Panel->Add/Remove Programs, uninstall the following programs, if present, :
- Clear Search
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
CLOSE ALL OTHER PROGRAMS & ALL OPENED WINDOWS
Run a scan with HiJackThis & select/tick the following & click "Fix checked" :
R3 - Default URLSearchHook is missing
O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - C:\PROGRAM FILES\CLEARSEARCH\IE_CLRSCH.DLL (file missing)
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\SYSTEM\ZOLKER010.DLL
O4 - HKLM\..\Run: [System] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\Run: [Explorer32] C:\WINDOWS\SYSTEM\explorer6s4.exe
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\SYSTEM\SVCHOST.EXE /s
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\RunServices: [Shell] Explorer.exe C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\RunServices: [Explorer64] C:\WINDOWS\SYSTEM\explorer6s4.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\SYSTEM\sysvcs.exe
O4 - HKCU\..\Run: [SNInstall] C:\WINDOWS\SYSTEM\VXH8JKDQ2.EXE
O4 - HKCU\..\Run: [SpySheriff] C:\PROGRAM FILES\SPYSHERIFF\SpySheriff.exe
O4 - HKCU\..\RunServices: [aupd] C:\WINDOWS\SYSTEM\sysvcs.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O21 - SSODL: DDE - {F33812FB-F35C-4674-90F6-FD757C419C51} - C:\WINDOWS\SYSTEM\birdihuy32.dll
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab.
- Tick - Show hidden files and folder
Locate and delete the following folders, if present:
- C:\PROGRAM FILES\CLEARSEARCH\
- C:\WINDOWS\SYSTEM\ZOLKER010.DLL
C:\WINDOWS\SYSTEM\SVCHOST.EXE
C:\WINDOWS\SYSTEM\SVCHOST.DLL
C:\WINDOWS\SYSTEM\kernels32.exe
C:\WINDOWS\SYSTEM\explorer6s4.exe
C:\winstall.exe
C:\WINDOWS\SYSTEM\VXH8JKDQ2.EXE >> delete all other files found to be similarly named
C:\WINDOWS\SYSTEM\sysvcs.exe
C:\windows\hook.dll
c:\counter.cab
C:\WINDOWS\SYSTEM\birdihuy32.dll
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Run Cleanup! using the following configuration:
1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
- Delete Newsgroup cache
[*]Delete Newsgroup Subscriptions
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
Next go to Control Panel click Display>Desktop>Customize Desktop>Website>Uncheck "Security Info" if present.
Remove the check by "View my Active desktop as a web page".
Click OK then Apply and OK.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Open Ad-aware and close ALL other windows.
1. Click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window:
- In the General window make sure the following are selected in green:
- Automatically save log-file
- Automatically quarantine objects prior to removal
- Safe Mode (always request confirmation)
- Prompt to update outdated definitions - set the number of days = 7
- Click on the Scanning button on the left and select in green:
- Scan Within Archives
- Under Select drives & folders to scan:
- choose all hard drives
- Scan Active Processes
- Scan Registry
- Deep Scan Registry
- Scan my IE favorites for banned URL’s
- Scan my Hosts file
- Click on the Advanced button on the left and select in green:
- Move deleted files to recycle bin
- include addtional object information
- DeSelect - include negligible objects information
- Click the Tweak button:
- Under Scanning Engine:
- Unload recognized processes during scanning
- Ignore spanned files when scanning cab archives
- Scan registry for all users instead of current user only
- Under Cleaning Engine:
- Let Windows remove files in use at next reboot
- Under Log Files:
- Include basic Ad-aware SE settings in logfile
- Include additional Ad-aware SE settings in logfile
- Include computer & username in logfile
- Please DeSelect: Include Module list in logfile
- Under Scanning Engine:
3. Click Start
4. Choose - Perform Full System Scan
5. DeSelect "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.
6. Click Next and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.
7. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window
8. Right-click on the list and choose Select All
9. Click Next to finish removing the items that were found
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
In your next post, please include fresh copies of:
- HiJackThis log
[*] Smitfiles.txt
Please provide details of any problems you encountered whilst performing the above steps.
Let us know if any problems persist.
** In the event that you're unable to run Internet Explorer after this, please copy the the downloaded wininet.dll to this directory - C:\Windows\System\
Only do this if you're unable to start IE
