Please do these steps in order,
Next please follow these instructions. Your version of Hijackthis is out of date AND installed in wrong folder
First please go to Start -> Control Panel -> Add/remove programs and uninstall Hijackthis.
Highjackthis Instructions
- Make sure you have the LATEST version of HJT (currently v2.0.2) it can be downloaded from HERE
- Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
- After installing, the program launches automatically, select Scan now and save a log
- After the scan is complete please attach your log into your reply.
Disable Teatimer
Please disable
Teatimer as it may interfere with the fix.
First:
- Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
- Choose Exit Spybot S&D Resident
Second:
- Open Spybot S&D
- Click Mode, check Advanced Mode
- Go To Left Panel, Click Tools, then also in left panel, click Resident
- If your firewall raises a question, say OK
- Uncheck the box labeled Resident Tea-Timer and OK any prompts.
- Use File, Exit to terminate Spybot
- Reboot your machine for the changes to take effect.
Once your log is clean you can re-enable those settings in TeaTimer.
Do you know what these are?
926plv32
DropBox
Go to add/remove programs and uninstall the following,
Ask Toolbar
Java(TM) 6 Update 2
Java(TM) 6 Update 3
BitComet 0.93, LimeWire PRO 4.16.2 are installed on your computer and I see that it's running. While BitComet 0.93, LimeWire PRO 4.16.2 are clean P2P program, there's no guarantee that the files downloaded are. Please refrain from using them while cleaning your computer to prevent getting more infections.
A list of clean and infected P2P programs can be found at
Malware Removal and
Spyware Info.
The risks of using a P2P program are stated in this
Sourceforge website and
Information Week article.
Please also read
Malware Removal's Guide on P2P Programs.
Update your Java Runtime Environment
- First try going to Start -> Control Panel -> double click Java
- Select the Update TAb at the top
- Click the Check for Updates button at the bottom
- If it finds the newer version (Java 6 Update 5) Follow the on screen instructions
- After it installs the newest version Go back to Control Panel -> Add/remove programs
- Uninstall any older versions of Java
If for some reason you couldn't update through the above instructions.
- Click the following link
Java Runtime Environment 6 Update 5
- The 4th option down is the one you want (click Download)
- Check the box to agree to terms of service
- Check the box for your operating system and click 'Download selected'at the bottom
- After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
- Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_05 folder
Fix entries using HiJackThis
- Launch HiJackThis
- Click the Do a system scan only button
- Put a check next to the entries listed below
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll (file missing)
- IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
- Click the Fix checked button and close HiJackThis
- Reboot HijackThis if necessary
