Infected

Hello,

The first things I noticed were that I could not run Firefox and that when I ran Internet Explorer it shows that my homepage is set to http://v-k-s-.i-5-q-.a-l-v-d-z-o0-n-x-6-v-0-q-q-m-7-g-d-z-7-7-o-b-m-7-z-4-a-q-0.info/. I've tried to run Avira in Internet Explorer but was unable to. I was able to download Malwarebytes and install it but am unable to update or proceed without updating. After a number of attempts to run HijackThis I was finally able to get a log saved, pasted below.

I would prefer if I didn't have to reformat my computer, but who knows, I just may have to. Any help is greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:57:03 PM, on 6/11/2011

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\AIM\aim.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files (x86)\Windows Sidebar\sidebar.exe

C:\Users\Tony\Tony1\winlogon.exe

C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files (x86)\FlashGet\flashget.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Oracle\Information Rights Management\Desktop\IrmBackground.exe

C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Windows\SysWOW64\svchost.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://n-a-5.-5-1-0-p-k-o-o-t-g-3-5-1-l-5-.i-k-r-g-1-0-u-5-1-f-3-g-li-9-p-1-x-t-6-g-l-8-m-q-y-s-k-6-l.info

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://h-3-5-1-e-.d-j-z-4-5-4-7-h-4-6-b-a-z-m-h-.5-b-e-n-t-f-p-p-7-1-1-0-7-c-q-0-3-00-6-u-7-t-1-n-y-q-u-f-u.info

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://d-a-.v-3-h-.5-b-e-n-t-f-p-p-7-1-1-0-7-c-q-0-3-00-6-u-7-t-1-n-y-q-u-f-u.info

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v-k-s-.i-5-q-.a-l-v-d-z-o0-n-x-6-v-0-q-q-m-7-g-d-z-7-7-o-b-m-7-z-4-a-q-0.info

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://0-m-p-3-5-d-d-b-d-u-7-e-6-.t-2-x-6-9-.5-b-e-n-t-f-p-p-7-1-1-0-7-c-q-0-3-00-6-u-7-t-1-n-y-q-u-f-u.info

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://x-g-3-w-7-4-y-7-p-p-3-8-v-y.-o-4-l-0-8-m-7-2-p-y-6-h-k-.u-l-c-6-e-p-a-a-0-z-m-s-m-00-v-2-i-7-5-f-l-7-7-l-t-j-h-h-9.info

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://9-k-g-1-s-1-0-9-m.-g-2-8-s-7-0-3-.i-k-r-g-1-0-u-5-1-f-3-g-li-9-p-1-x-t-6-g-l-8-m-q-y-s-k-6-l.info

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://j-a-1-4-0-m-l-6-2-1-q.-w-e-i-n-u-1-z-8-r-q-8-a-9-c-2-m-8-1-4-.j-z-0-3-0-u-u-x-f-1l-3-l-h-w-b-q-z-u-5-n-l-l-m-s-5-v-s-z-g.info

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://4-u-8-t-9-o-5-6-7-v-i-2-u-6-z-3-5-n-0-7-2-x-.2-.a-l-v-d-z-o0-n-x-6-v-0-q-q-m-7-g-d-z-7-7-o-b-m-7-z-4-a-q-0.info

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://6-q.-0-b-.a-l-v-d-z-o0-n-x-6-v-0-q-q-m-7-g-d-z-7-7-o-b-m-7-z-4-a-q-0.info

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

O2 - BHO: (no name) - {74F6C5A9-0EAD-4a71-891E-376A838DF1F0} - (no file)

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll

O4 - HKLM\..\Run: [Flashget] "C:\Program Files (x86)\FlashGet\FlashGet.exe" /min

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [irmBackground.exe] C:\Program Files (x86)\Oracle\Information Rights Management\Desktop\IrmBackground.exe

O4 - HKLM\..\Run: [NVIDIA Media Center Library] C:\Users\Tony\Tony1\winlogon.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Google Update] "C:\Users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

O4 - HKCU\..\Run: [NVIDIA Media Center Library] C:\Users\Tony\Tony1\winlogon.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: Microsoft Office Outlook 2007.lnk = ?

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe

O13 - Gopher Prefix:

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe

O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE

O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: Oracle IRM Desktop Service Host (OracleIRMServiceHost) - Oracle Corporation - C:\Program Files (x86)\Oracle\Information Rights Management\Desktop\OracleIRMServiceHost.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 16096 bytes


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Please do not delete anything unless instructed to.

1. All tools MUST be run from the executable. (.exe)

With Admin Rights (right-click on HijackThis each time you use it, choose "Run as Administrator")

Run HijackThis. Hit None of the above, click Do a System Scan. Put a checkmark/tick in the box on the left side on these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://n-a-5.-5-1-0-...-y-s-k-6-l.info

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://h-3-5-1-e-.d-...-y-q-u-f-u.info

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://d-a-.v-3-h-.5...-y-q-u-f-u.info

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v-k-s-.i-5-q-...-z-4-a-q-0.info

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://0-m-p-3-5-d-d...-y-q-u-f-u.info

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://x-g-3-w-7-4-y...-t-j-h-h-9.info

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://9-k-g-1-s-1-0...-y-s-k-6-l.info

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://j-a-1-4-0-m-l...-5-v-s-z-g.info

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://4-u-8-t-9-o-5...-z-4-a-q-0.info

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://6-q.-0-b-.a-l...-z-4-a-q-0.info

Close ALL windows and browsers except HijackThis and click "Fix checked"

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
