Okay, thanks. Please let the other forum know you are getting help elsewhere.
Please reopen HijackThis to
'do system scan only'. Check each of the following entries
if present. Optional entries have been color coded in green.
O2 - BHO: (no name) - {1C335F06-FB3F-4104-9F8C-E3F1EA1DDDA0} - (no file)
O2 - BHO: (no name) - {1F26BC84-1C70-4C22-B563-6D4D610F2DD6} - (no file)
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)>> (AskBar)> See Optional 2
O2 - BHO: {020dbdef-6a55-cd98-45d4-32f856b03ae3} - {3ea30b65-8f23-4d54-89dc-55a6fedbd020} - (no file)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)> See Optional 1
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
{2318C2B1-4965-11d4-9B18-009027A5CD4F} Google Toolbar Helper googletoolbar1.dll, googletoolbar2.dll, googletoolbar3.dll, GoogleToolbar.dll, GoogleToolbar_32.dll (Malware, detected as Troj/BHO-DC - NOTE: The CLSID in question is ALSO used by the Google Toolbar, although NOT for the BHO but for the Toolbar itself_)
Close all Windows except Hijackthis and click on
"Fix Checked"
Boot into Safe Mode
- Restart your computer and start pressing the F8 key on your keyboard.
- Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
If removing the AskBar and/or BearShare:
Control Panel> Add/Remove Programs> Uninstall each of the following:
AskBar
BearShare
Access Windows Explorer:Right click on Start> Explore> My Computer> Local Drive (usually C)> Programs> find the folder for each if uninstalled and do a right click> delete:
AskBar
BearShare
Close Windows Explorer
Optional 1:P2P Warning
I notice that you are running
Bearshare. This is a file sharing program.
Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall
Bearshare for the following reasons:
- As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verity that a download is legitimate.
- Malware writers use these program to include malicious content.
- Fie sharing is usually unmonitored and there is a danger that your private files might be accessed.
- The 'sharing' also includes malware that the shared system has on it.
- Files that are illegal can be spread through file sharing.
Please read the information on
P2P Warning to help you better understand these dangers.
Optional 2: AskBar Foistware:
You have the Ask Toolbar installed, I would recommend you uninstall it - decide after taking a look at this article:
http://www.benedelman.org/spyware/ask-toolbars/
Empty the Recycle Bin
To remove the AppInit entries:
Please download ComboFix HERE:
- With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
- Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
- Run Combo-Fix.exe and follow the prompts.
(Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
- Wait for the scan to be completed.
- If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)
Notes:
1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Follow with rescan using HijackThis. Paste new log into next reply.
Include attachment of Combofix report.
