Hello, smartboy3 & Welcome
Well, I don't say this all the time, but one look at this logfile & I want to run. It's not good, my friend.
You have some of everything.
Please read through the instructions before you start (you may want to print this out or copy it into a word program).
Download and install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan.
Close ALL windows except Ad-Aware SE
Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let Ad-Aware SE update the reference list for the adware and malware.
Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window
1) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)
Under Definitions:
*Prompt to update outdated definitions - set the number of days
2) Click on the ‘Scanning’ button on the left and select in green:
Under Driver, Folders & Files:
*Scan Within Archives
Under Select drives & folders to scan -
*choose all hard drives
Under Memory & Registry: all green
*Scan Active Processes
*Scan Registry
*Deep Scan Registry
*Scan my IE favorites for banned URL’s
*Scan my Hosts file
3) Click on the ‘Advanced’ button on the left and select in green:
Under Shell Integration:
*Move deleted files to recycle bin
Under Logfile Detail Level: (all green)
*include additional object information
*DESELECT - include negligible objects information
*include environment information
Under Alternate Data Streams:
*Don't log streams smaller than 0 bytes
*Don't log ADS with the following names: CA_INOCULATEIT
4) Click the ‘Tweak’ button and select in green:
Under the ‘Scanning Engine’:
*Unload recognized processes during scanning
*Scan registry for all users instead of current user only
Under the ‘Cleaning Engine’:
*Let Windows remove files in use at next reboot
Under the Log Files:
*Include basic Ad-aware SE settings in logfile
*Include additional Ad-aware SE settings in logfile
*Please do not check or make green: Include Module list in logfile
5. Click on ‘Proceed’ to save the settings.
Do not run a scan just yet.
Please download and unzip AboutBuster to a folder.
AboutBuster MUST be updated before you use it.
Check the AboutBuster Tutorial for instructions.
Don't run it yet.
Download CW-Shredder at the link below:
http://www.isecurity.org.uk/downloads/cwshredder.exe
Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"
Reboot into SafeMode. <---MAKE SURE YOU KNOW HOW TO DO THIS!!
+++++++++++++++++++++++++++++++++++++++++++++++++
Here's the fix:
First I have some items for you to Uninstall/Remove.
Go to Control Panel Add/Remove Programs & uninstall these if still there.
BULLSEYE NETWORK
Gator GAIN
Video1
& do this here before you start with the Fix.
The application Messenger Plus is an add-on. It is not written by Microsoft. It installs spyware, LOP to be exact. Try and see if you can uninstall Messenger Plus via Add/Remove Programs, and then if you still want to use it, reinstall it after we have cleaned your computer. Then choose not to install the Sponsor. If you are able to do this, then scan with HJT again in normal mode if possible, and post another log.
How to remove the new.net infection.
Try these steps 1 by 1 until it is gone.
http://www.newdotnet.com/removal.html
1. Reboot into safe mode
Safe mode: instructions here
2. Press Ctrl+Alt+Delete once => Click Task Manager => Click the Processes tab => Double-click the Image Name column header to alphabetically sort the processes => Scroll through the list and look for:
CMDTKX.EXE
CRBW.EXE
APPBU.EXE
NTXP.EXE
MSNL32.EXE
OGIONF.EXE
BARGAINS.EXE
CMESYS.EXE
SP2CTR.EXE
EVTHTM.EXE
8335.TMP.EXE
DXVID.EXE
id53.exe
ktdmcx.exe
GMT.EXE
Blondes.exe
5164.TMP.exe
If you find the files, click on them, and then click End Process => Exit the Task Manager.
3. CLOSE ALL WINDOWS AND BROWSERS. Scan with HijackThis and put checks next to all the following, then click "Fix Checked":
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.findthewebsiteyouneed.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\jwlsn.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\jwlsn.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.findthewebsiteyouneed.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\jwlsn.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\jwlsn.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\jwlsn.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\jwlsn.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {DA5DBC97-A7E1-478B-B55A-267B4B54F8EA} - C:\WINDOWS\D3QS32.DLL
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [rugwtgzk] C:\WINDOWS\SYSTEM\OGIONF.EXE
O4 - HKLM\..\Run: [ktdmcx] C:\WINDOWS\SYSTEM\ktdmcx.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [sp2ctr] c:\windows\system\sp2ctr.exe
O4 - HKLM\..\Run: [EvtHtm] c:\windows\system\evthtm.exe
O4 - HKLM\..\Run: [Blondes] C:\Program Files\Video1\Dialers\Blondes\Blondes.exe
O4 - HKLM\..\Run: [5164.TMP] C:\WINDOWS\TEMP\5164.TMP.exe 3 28129
O4 - HKLM\..\Run: [8335.TMP] C:\WINDOWS\TEMP\8335.TMP.exe 0 28129
O4 - HKLM\..\Run: [dxvid] c:\windows\system\dxvid.exe
O4 - HKLM\..\Run: [8335.TMP.EXE] C:\WINDOWS\TEMP\8335.TMP.EXE 2 28129
O4 - HKLM\..\Run: [5164.TMP.EXE] C:\WINDOWS\TEMP\5164.TMP.EXE 3 28129
O4 - HKLM\..\RunServices: [cmdtkx] C:\WINDOWS\SYSTEM\cmdtkx.exe
O4 - HKLM\..\RunServices: [PowerManager] C:\WINDOWS\SVCHOST.EXE
O4 - HKLM\..\RunServices: [APPBU.EXE] C:\WINDOWS\APPBU.EXE
O4 - HKLM\..\RunServices: [CRBW.EXE] C:\WINDOWS\SYSTEM\CRBW.EXE
O4 - HKLM\..\RunServices: [MSNL32.EXE] C:\WINDOWS\SYSTEM\MSNL32.EXE
O4 - HKLM\..\RunServices: [NTXP.EXE] C:\WINDOWS\NTXP.EXE
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
Please fix all of these here:
O15
If there are any you want to keep, make a note of them before fixing; you can replace them after.
O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - http://php.offshoreclicks.com/dialup_files/99950093.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/chedownzip.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net...b/emCraft1.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
Click on Fix Checked and exit HijackThis.
4. Delete the following files in Red & folders in Blue if present:
C:\WINDOWS\D3QS32.DLL
c:\installer\id53.exe
C:\WINDOWS\SYSTEM\OGIONF.EXE
C:\WINDOWS\SYSTEM\ktdmcx.exe
C:\WINDOWS\BXXS5.DLL
C:\Program Files\BullsEye Network\
C:\PROGRAM FILES\COMMON FILES\CMEII\
c:\windows\system\sp2ctr.exe
c:\windows\system\evthtm.exe
C:\Program Files\Video1\
C:\WINDOWS\TEMP\ <-- Clean out this folder; do not delete the folder itself. Again, delete everything inside, not the folder itself.
c:\windows\system\dxvid.exe
C:\WINDOWS\SYSTEM\cmdtkx.exe
C:\WINDOWS\APPBU.EXE
C:\WINDOWS\SYSTEM\CRBW.EXE
C:\WINDOWS\SYSTEM\MSNL32.EXE
C:\WINDOWS\NTXP.EXE
(and any other files with the same name that end in .dll, .exe or .dat, you may find them right next to each other, example - appsw.exe, appsw.dll, appsw.dat)
If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again.
5. Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.
6. Run AboutBuster. This will scan your computer for the bad files and delete them. It will ask to scan the system again, let it. Save the report (copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.
7. Run Ad-Aware SE
Click ‘Start’
*Choose:'Perform Full System Scan'
*DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.
Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.
If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window
Save the log file when it asks and then click ‘finish’
8. Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:
Temporary Files
Temporary Internet Files
Recycle Bin
9. Reboot into normal mode and open up Internet Explorer
10. Download and run this online virus scan if you can: <---Important
http://housecall.trendmicro.com/hous...start_corp.asp
Make sure you check "AutoClean"
11. & post a fresh HJT log back here by using the Add Reply button below, and let's see how we did.
HGD
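
An added example, not part of the post above and not HijackThis's own logic: a small triage script that parses log lines in the `CODE - body` format quoted in the post and flags entries using three illustrative heuristics. The function names, the heuristics and the `ExampleTray` entry are assumptions made for this example; the other sample lines are copied from the post.

```python
import re

# Lines copied from the log in the post above, plus one constructed benign
# entry (ExampleTray) so the triage has something to leave alone.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\jwlsn.dll/sp.html#28129
O2 - BHO: Class - {DA5DBC97-A7E1-478B-B55A-267B4B54F8EA} - C:\WINDOWS\D3QS32.DLL
O4 - HKLM\..\Run: [8335.TMP] C:\WINDOWS\TEMP\8335.TMP.exe 0 28129
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL
O4 - HKLM\..\RunServices: [PowerManager] C:\WINDOWS\SVCHOST.EXE
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 autostart entries: "<registry key>: [<value name>] <command line>"
O4_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def parse(log):
    """Yield (code, body) for every line in 'CODE - body' form."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["code"], m["body"]

def triage(log):
    """Return (code, reason, body) for entries matching illustrative heuristics."""
    findings = []
    for code, body in parse(log):
        low = body.lower()
        reason = None
        if code in ("R0", "R1") and "= res://" in low:
            reason = "IE search/start setting points into a local DLL resource"
        elif code == "O4":
            m = O4_RE.match(body)
            cmd = (m["cmd"] if m else body).lower()
            if "\\temp\\" in cmd:
                reason = "autostart command runs from a TEMP folder"
            elif "\\svchost.exe" in cmd and "\\system32\\" not in cmd:
                reason = "svchost.exe name used outside System32"
        elif code == "O16" and ("ms-its:" in low or "mhtml:" in low):
            reason = "ActiveX codebase uses an ms-its/mhtml handler, not a plain URL"
        if reason:
            findings.append((code, reason, body))
    return findings

if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:<4}{reason}\n      {body}")
```

The O2 (BHO) and rundll32 entries pass through unflagged: nothing in the line itself separates them from legitimate software, so they still need the manual lookup a human reviewer does.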