hI hele
Be sure to look this solution over before you begin. There are a some item(s) i'm not familar with. If you recognze any, then just omit them from this fix.
===============
When we're done cleaning off your system, i'd recommend that you install all the critical windows updates available from Microsoft, upto service pack 1. This will help to make your system more secure and prevent many 'problems' from reoccuring in the future.
Download, unzip to your desktop CWShredder and run it, then:
1. Click "Check For Update" make sure your version is 2.14
(If an update isn't available, skip to step #4.)
2. Click "Click here to Download the upate".
3. When the new version has been downloaded, click "Save".
4. Click "Fix ->"
===============
Before we begin, let's move HiJackThis to it's own folder; like c:\HJT. When we're done 'cleaning' off your system, we're going to 'flush' the temporary folders which, with HiJackThis in it's current location, we'll lose both the program and the backups it creates. These backups are important in case we need to restore any 'fixed' entry(s) later.
Also move the "Backups" folder, for HiJackThis, if present.
===============
Run HiJackThis and click "Scan", then check(tick) the following, if present:
O4 - HKLM\..\Run: [LOPTCON] corrida.exe
O4 - HKLM\..\Run: [KeywordFinder] progmen.exe
O4 - HKLM\..\Run: [Multimedia extensions] mservice.exe
O4 - HKCU\..\Run: [iesetupdll] progmen.exe
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{230137DD-CE92-4C89-8D96-6EDE74C61DBD}: NameServer = 69.50.184.85,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B857FEF-4825-4AF9-80ED-87865BFD305C}: NameServer = 69.50.184.85,195.225.176.31
...(Verify that these ip addresses are for your isp's DNS Servers, if so, don't 'fix' these.)
Now, with all windows closed except HiJackThis, click "Fix checked".
===============
reboot
Run an online antivirus check from at least one and preferably 2 of the following sites....select autoclean click below
Housecall
Panda scan
RAV
Re-boot again. Then post a new HijackThis log to check what is left if anythig didnt get cleaned post the av log too
===============
-
Lobos.
Be sure to look this solution over before you begin. There are a some item(s) i'm not familar with. If you recognze any, then just omit them from this fix.
===============
When we're done cleaning off your system, i'd recommend that you install all the critical windows updates available from Microsoft, upto service pack 1. This will help to make your system more secure and prevent many 'problems' from reoccuring in the future.
Download, unzip to your desktop CWShredder and run it, then:
1. Click "Check For Update" make sure your version is 2.14
(If an update isn't available, skip to step #4.)
2. Click "Click here to Download the upate".
3. When the new version has been downloaded, click "Save".
4. Click "Fix ->"
===============
Before we begin, let's move HiJackThis to it's own folder; like c:\HJT. When we're done 'cleaning' off your system, we're going to 'flush' the temporary folders which, with HiJackThis in it's current location, we'll lose both the program and the backups it creates. These backups are important in case we need to restore any 'fixed' entry(s) later.
Also move the "Backups" folder, for HiJackThis, if present.
===============
Run HiJackThis and click "Scan", then check(tick) the following, if present:
O4 - HKLM\..\Run: [LOPTCON] corrida.exe
O4 - HKLM\..\Run: [KeywordFinder] progmen.exe
O4 - HKLM\..\Run: [Multimedia extensions] mservice.exe
O4 - HKCU\..\Run: [iesetupdll] progmen.exe
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{230137DD-CE92-4C89-8D96-6EDE74C61DBD}: NameServer = 69.50.184.85,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B857FEF-4825-4AF9-80ED-87865BFD305C}: NameServer = 69.50.184.85,195.225.176.31
...(Verify that these ip addresses are for your isp's DNS Servers, if so, don't 'fix' these.)
Now, with all windows closed except HiJackThis, click "Fix checked".
===============
reboot
Run an online antivirus check from at least one and preferably 2 of the following sites....select autoclean click below
Housecall
Panda scan
RAV
Re-boot again. Then post a new HijackThis log to check what is left if anythig didnt get cleaned post the av log too
===============
-
Lobos.
