Help With Downloader-acv

Status
Not open for further replies.
Hello all,

I have McAfee and it has told me that I have a downloader acv trojan on my computer. I followed the advice in a previous thread from someone named "kerenza" who had a similar problem. But I'm still confused. I hope someone can help me and be able to explain it in dummy terms. I would greatly appreciate it.

I posted the Hijack log for someone to please review.

Thank you in advance!
 
First Read: Only use these HJT-instructions when asked!
/P/ Process needs to be stopped
/S/ Service needs to be stopped
/U/ UNinstall anything to do with this
/R/ unRegister the xxx.DLL in that line
Transfer the text from between these dotted lines underneath to between the dotted lines of that post.
Make sure to follow ALL instructions in SEQUENCE, and in HiJackThis tick/fix ALL lines indicated here!
...................................................................................................
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\System32\nsb42.dll (file missing)
/R/ O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\System32\awtsq.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
/R/ O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
/P/ O4 - HKLM\..\Run: [mnxhedj] C:\WINDOWS\mnxhedj.exe
/P/ O4 - HKCU\..\Run: [CasStub] C:\Program Files\CasStub\casstub.exe -run
/P/ O4 - HKCU\..\RunServices: [Windows IP Security Service] dgoud.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
Fix ALL your O16 - DPF: entries
Unless these IP-numbers are from your ISP, fix the O17
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E175683-A931-4B32-BD75-B9CD57C0D291}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E175683-A931-4B32-BD75-B9CD57C0D291}: NameServer = 205.188.146.145
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: awtsq - C:\WINDOWS\System32\awtsq.dll
/P/S/ O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\yrkodaf.exe
...................................................................................................

STOP using that crappy IE (other than for Windows-updates) and install Firefox from www.getfirefox.com

I would also advise you to get rid of that AOL junk!
 
Thank you sooo much. I printed out the HJT instructions but the only part I am confused on is when you say to transfer the text (from between the dotted lines in your referred post to between these dotted lines).

Can you please explain that to me. I'm really sorry I have been trying to figure it out and I know you don't like dumb questions.

Your help has been greatly appreciated.

Thank you
 
Oh, one more question. When you say fix all your O16 - DPF entries, how do I accomplish this? I know DPF stands for downloaded program files. I just don't know how to fix them. Thank you
 
My above post has several text-lines between dotted lines, as in:
........................................
/R/ whatever...
/P/ whatever...
........................................

The post you need to Read: Only use... also has some dotted lines
...................................................................................................
TRANSFER THE TEXT (from between the dotted lines in YOUR referred post) to BETWEEN THESE dotted LINES
...................................................................................................

Now put your own lines, or as in this example:
/R/ whatever...
/P/ whatever...
between the dotted lines of the Read: post so that it looks like:

Next, run a HJT Scan and (if still there) place a Tick-mark in the little square before: (Tick every line from the transfer!)
...................................................................................................
/R/ whatever...
/P/ whatever...
...................................................................................................
Now click on the Fix Checked button in HJT. Exit HJT.

FIX means put a check-mark before that line, so that Fix Checked can fix the checked lines.

And yes, it is a dumb question :unch:
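
An added example, not part of any post in this thread: a small Python parser for the annotated fix-list format used above (the /P/, /S/, /U/, /R/ prefixes between dotted lines), which groups the flagged entries by action and reports which lines are still present in a fresh scan. The function names are hypothetical, and the sample input is an excerpt of the list posted earlier.

```python
import re
from collections import defaultdict

# Marker legend exactly as given in the helper's post.
ACTIONS = {"P": "stop process", "S": "stop service",
           "U": "uninstall", "R": "unregister DLL"}
MARKERS = re.compile(r"^((?:/[PSUR])+)/\s+")      # /P/  /R/  /P/S/
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")   # HJT section code, then detail
DOTTED = re.compile(r"^\.{10,}$")                 # delimiter line

# Excerpt of the list posted in this thread, used as sample input.
SAMPLE = r"""First Read: Only use these HJT-instructions when asked!
.....................
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
/R/ O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\System32\awtsq.dll
/P/ O4 - HKLM\..\Run: [mnxhedj] C:\WINDOWS\mnxhedj.exe
Fix ALL your O16 - DPF: entries
/P/S/ O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\yrkodaf.exe
.....................
"""

def parse_fix_list(text):
    """Return (entries, notes) from the lines between the first pair of dotted lines."""
    entries, notes, inside = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if DOTTED.match(line):
            if inside:
                break                      # closing delimiter: stop reading
            inside = True
            continue
        if not inside or not line:
            continue
        m = MARKERS.match(line)
        flags = re.findall(r"[PSUR]", m.group(1)) if m else []
        body = line[m.end():] if m else line   # the line as HJT itself prints it
        e = ENTRY.match(body)
        if e:
            entries.append({"section": e.group(1), "detail": e.group(2),
                            "flags": flags, "line": body})
        else:
            notes.append(line)             # free-text instruction, not a log line
    return entries, notes

def checklist(entries):
    """Group entry details by the manual action their markers call for."""
    todo = defaultdict(list)
    for e in entries:
        for f in e["flags"]:
            todo[ACTIONS[f]].append(e["detail"])
    return dict(todo)

def still_present(entries, scan_text):
    """Lines from the fix list that a fresh scan still shows ("if still there")."""
    seen = {l.strip() for l in scan_text.splitlines()}
    return [e["line"] for e in entries if e["line"] in seen]
```

The markers are stripped before comparison because a HijackThis scan shows the bare line; the prefixes exist only in the helper's annotated copy.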
 