Hello aky and welcome to the BC forums. After reviewing your log I see a few items that require our attention. Please print these directions and then proceed with the following steps in order.Step #1
and install it but do not run it yet.
and save it to a folder of its own. Start the program and click on the Check for Update
button. If an update is available then download and install it. Close the program (do not run it yet).Step #2Start in Safe Mode Using the F8 method:
- Restart the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
- Use the arrow keys to select the Safe Mode menu item.
- Press the Enter key.
Start HijackThis and click the Scan
button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 18.104.22.168 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
Now close ALL open windows except HijackThis
and click the Fix Checked
button to finish the repair.Step #4
Start CleanUp! and click on the CleanUp!
button. Let it run to completion. It may take a few minutes depending on the size of your hard drive so be patient.Step #5Run CWShredder
- Double-click on CWShredder.exe.
- Click "Fix ->" and click "OK" at the prompt.
- CWShredder will scan and clean your system of CWS files.
- Click "Next->" and then "Exit".
Reboot your computer normally and run at least 2
of the following on-line virus scans:Trend Micro HousecallBitDefender On-Line Virus ScanPanda ActiveScaneTrust Antivirus Web Scanner
Make sure that you choose "fix" or "clean".Step #7AdAware SEDownload, install, update, configure and run a scan with Ad-aware SE:
- Download and Install AdAware SE Personal, keeping the default options. However, some of the settings will need to be changed before your first scan.
- Close ALL windows except Ad-Aware SE.
- Click on the‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.
- Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window:
- In the ‘General’ window make sure the following are selected in green:
- Under Safety:
- Automatically save log-file
- Automatically quarantine objects prior to removal
- Safe Mode (always request confirmation)
- Under Definitions:
- Prompt to update outdated definitions - set the number of days
- Click on the ‘Scanning’ button on the left and select in green:
- Under Driver, Folders & Files:
- Under Select drives & folders to scan:
- Under Memory & Registry: all green
- Scan Active Processes
- Scan Registry
- Deep Scan Registry
- Scan my IE favorites for banned URL’s
- Scan my Hosts file
- Click on the ‘Advanced’ button on the left and select in green:
- Under Shell Integration:
- Move deleted files to recycle bin
- Under Logfile Detail Level: all green
- include addtional object information
- DESELECT - include negligible objects information
- include environment information
- Under Alternate Data Streams:
- Don't log streams smaller than 0 bytes
- Don't log ADS with the following names: CA_INOCULATEIT
- Click the ‘Tweak’ button and select in green:
- Under ‘Scanning Engine’:
- Unload recognized processes during scanning
- Scan registry for all users instead of current user only
- Under ‘Cleaning Engine’:
- Let Windows remove files in use at next reboot
- Under Log Files:
- Include basic Ad-aware SE settings in logfile
- Include additional Ad-aware SE settings in logfile
- Please do not check: Include Module list in logfile
- Click on ‘Proceed’ to save the settings.
- Click ‘Start’
- Choose 'Perform Full System Scan'
- DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.
- Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.
- If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window
- Save the log file when it asks and then click ‘Finish’
- REBOOT to complete the removal of what Ad-Aware SE found.
OK. Reboot your computer normally, start HijackThis and perform a new scan. Use the Add Reply
button to post your new log file back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.
Edited by OldTimer, 08 May 2005 - 07:10 PM.