Cloutz

Posts posted by Cloutz

  1. Hi omarramo12,

    Welcome to BestTechie!!

    My name is Nick and I will be helping you get cleaned up.

    Let's get started!! :thumbsup:

    Please follow the instructions provided. You will want to print out these instructions and use them as a reference.

    Please download ewido anti-malware; it is a free version of the program.

    • Install ewido anti-malware
    • When installing, under "Additional Options" uncheck:
      • Install background guard
      • Install scan via context menu

    Please download AboutBuster.

    • Double click the AboutBuster folder, then double click the AboutBuster.exe inside.
    • Click "Extract all" in the box that pops up, then "Next"
    • Choose the location you would like to install AboutBuster, such as My Documents.
    • Make sure "Show extracted files" is checked, then click "Finish".
    • Reboot to safe mode by continually tapping the F8 key as the computer begins to boot.
    • Open AboutBuster and click the "Begin Removal" button. It will shut down all Explorer windows (if open) while it works.
    • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
    • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
    • Reboot your computer into safe mode again
    • Run about:buster again following the same instructions as above, this time without the restart at the end

    Then, open HijackThis and place a check mark next to the following entries:

    R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll (file missing)

    O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll (file missing)

    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

    O4 - HKLM\..\Run: [cmssSystemProcess] C:\WINDOWS\system32\csmss.exe

    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab

    These are all optional fixes; they are memory hogs:

    O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe

    O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe

    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

    O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124824350\ee\AOLSoftware.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

    Then, make sure no windows are open (other than HijackThis) and click "Fix Checked"

    Delete the following files (if present):

    C:\Program Files\QuickSearch\QuickSearchBar1_27.dll

    C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll

    C:\WINDOWS\system32\csmss.exe

    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    Please delete the following folders as well:

    C:\Program Files\WildTangent

    C:\Program Files\Viewpoint\Viewpoint Manager

    C:\Program Files\QuickSearch

    Run Ewido Scan

    • Launch ewido, there should be an icon on your desktop, double-click it.
    • The program will now open to the main screen.
    • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
    • You will need to update ewido to the latest definition files.
      • On the left hand side of the main screen click update.
      • Then click on Start Update.

      • The update will start and a progress bar will show the updates being installed.
        (The status bar at the bottom will display "Update successful".)

    If you are having problems with the updater, you can use this link to manually update ewido.

    ewido manual updates

    Once the updates are installed do the following:

    • Click on scanner
    • Click on Complete System Scan and the scan will begin.
    • You will be prompted to clean the first infection.
    • Select "Perform action on all infections", then proceed.
    • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    • Click Save report.
    • Save the report .txt file to your desktop or a location where you can find it easily.

    Close ewido anti-malware.

    Also, uninstall Logitech Desktop Messenger unless you use it constantly.

    Please include a fresh HijackThis log along with the Ewido log in your next reply

    Thanks,

    Nick :cool:
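
The HijackThis entries listed in the post follow a fixed line format, so a saved log can be triaged by script before anything is checked by hand. The following is an added example, not part of the original post and not HijackThis's own code: a small Python parser that splits such lines into fields and lists the on-disk files that still need verifying. The sample lines are copied from the post; the field names (`kind`, `dead`, `path`) and function names are this example's own.

```python
import re

# Constructed sample: lines copied from the HijackThis entries quoted in the post.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll (file missing)
O4 - HKLM\..\Run: [cmssSystemProcess] C:\WINDOWS\system32\csmss.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
"""

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                 # section code, body
RUN_RE = re.compile(r"^(HK\w+\\\.\.\\\w+): \[([^\]]*)\] (.*)$")  # O4 autorun entries
CLSID_RE = re.compile(r"^(\w+): (.*?) - (_?\{[0-9A-Fa-f-]{36}\}) - (.*)$")  # BHO/toolbar
REG_RE = re.compile(r"^(HK[^,]+),(.*?) = (.*)$")                 # R0/R1 registry values
DEAD_RE = re.compile(r"\((file missing|no file)\)\s*$")          # marker HijackThis appends
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll))', re.I)  # first exe/dll path


def parse_line(line):
    """Split one log line into fields; returns None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    entry = {"code": code, "kind": "other", "raw": body,
             "dead": bool(DEAD_RE.search(body))}
    if (r := RUN_RE.match(body)):
        entry.update(kind="autorun", key=r[1], name=r[2], command=r[3])
    elif (c := CLSID_RE.match(body)):
        entry.update(kind="com", label=c[2], clsid=c[3].lstrip("_"), target=c[4])
    elif (g := REG_RE.match(body)):
        entry.update(kind="registry", key=g[1], value=g[2], data=g[3])
    p = PATH_RE.search(body)
    entry["path"] = p.group(1) if p else None  # on-disk file to verify, if any
    return entry


def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]


def files_to_verify(entries):
    """Paths referenced by entries whose file still exists, for hash or signature checks."""
    return sorted({e["path"] for e in entries if e["path"] and not e["dead"]})


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(e["code"], e["kind"], "DEAD" if e["dead"] else "live", e["path"])
```

Entries marked `dead` point at files HijackThis already reported as missing, so only the registry reference remains to clean up; the paths returned by `files_to_verify` are the ones worth checking on disk.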