Help with HijackThis log

Status
Not open for further replies.
Hi,
I have been having some trouble the past week or so with Adware and trojans. I followed the directions on this site on how to remove Begin2Search/CoolWebSearch from my computer and it seems to be working a lot better now. I was wondering if anyone could check my log to make sure that I got everything. Any help would be much appreciated.
 
Are you sure you followed the directions? It doesn't look like it at all!

Go to http://www.lavasoftusa.com/software/addons/vx2cleaner.shtml to get the AdAware plug-in for fixing VX2.
Install but do not yet run it.

Next, boot in Safe Mode
Switch System Restore off
Press Ctrl/Alt/Del and in Task Manager try to STOP:

ALL the xxx.exe files from the O4 group BELOW, as well as:
SYSCHECKBOP32(.exe)
SYSMONNT(.exe)

O4 - HKCU\..\Run: [SYSMONNT] C:\WINDOWS\SYSTEM\SYSMONNT ==>> VX2 infection <<==
Now run Adaware -> Add-ons and select VX2 Cleaner. Click Run Tool and OK to start it. If it's clean, it'll say Status System Clean. If not, click the Clean button to remove the VX2 infection.

Next, get rid of this junk, by trying to UNinstall anything to do with:
C:\Progra~1\YMVLTCUB\YMVLTCUB.exe
C:\WINDOWS\SYSTEM\VMSS\VMSS.EXE
C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
C:\PROGRAM FILES\NOADS\NOADS.EXE
C:\PROGRA~1\SPYWAR~1\SpyWareWall.exe
C:\Program Files\PopUpWall\PopUpWall.exe
C:\PROGRAM FILES\FLASHGET\JETCAR.EXE

Next, run HJT on its own and let it 'fix':
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://216.130.185.122/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://216.130.185.122/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://216.130.185.122/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netscape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://216.130.185.122/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Boston University
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.bu.edu/proxy/crc.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SDWin32 Class - {202EDC9A-9F8D-4CBB-B5E5-17F0D6EEA011} - C:\WINDOWS\SYSTEM\ESIZR.DLL
O2 - BHO: SDWin32 Class - {755C36B2-C06D-4CFC-80C2-9CC143CF7923} - C:\WINDOWS\SYSTEM\VRXFX.DLL
O2 - BHO: ohb Class - {988CAFC4-DC0D-4D8C-A35E-5028ABE9E641} - C:\WINDOWS\SYSTEM\IC2_WIN.DLL
O2 - BHO: LinkBHO.cIExplorer - {CC924BD1-7382-4619-A706-070CB00F2325} - C:\WINDOWS\ALL USERS\APPLICATION DATA\LINKBHO\LINKBHO.DLL
O2 - BHO: (no name) - {2BCA368C-FC1E-4361-A359-7C081E9A60AC} - C:\PROGRAM FILES\YMVLTCUB\YMVLTCUB.dll
O2 - BHO: (no name) - {5DDD2E8F-F62C-481B-9B66-3AEC219B8A47} - C:\PROGRAM FILES\YMVLTCUB\YMVLTCUB.dll
O2 - BHO: (no name) - {05D7E34D-C239-4C49-9479-4821176AAAF7} - C:\PROGRAM FILES\YMVLTCUB\YMVLTCUB.dll
O2 - BHO: (no name) - {9E6356E3-F81C-4AB8-A578-D8864B868FD8} - C:\PROGRAM FILES\YMVLTCUB\YMVLTCUB.dll
O2 - BHO: (no name) - {A5F994C9-2B7F-4C77-B5BE-1677803746C9} - C:\PROGRAM FILES\YMVLTCUB\YMVLTCUB.dll
O2 - BHO: (no name) - {2C4EDE48-379C-4134-A5F4-6FD3136A7E5F} - C:\PROGRAM FILES\YMVLTCUB\YMVLTCUB.dll
O2 - BHO: (no name) - {2F467B95-65B5-4DF5-A52F-1E64F44E8241} - C:\PROGRAM FILES\YMVLTCUB\YMVLTCUB.dll
O2 - BHO: (no name) - {CFF7FE36-64AC-4936-B90C-3DE192ECDDCD} - C:\PROGRAM FILES\YMVLTCUB\YMVLTCUB.dll
O2 - BHO: (no name) - {00D62B0B-4B50-4D84-AAFA-423B2022F1F6} - C:\PROGRAM FILES\YMVLTCUB\YMVLTCUB.dll
O2 - BHO: (no name) - {9AD59B0E-CF68-44C2-AA67-0B5D9118CD4D} - C:\PROGRAM FILES\YMVLTCUB\YMVLTCUB.dll
O2 - BHO: (no name) - {044D702C-C6D2-4775-804F-A3AAC881D9B8} - C:\PROGRAM FILES\YMVLTCUB\YMVLTCUB.dll
O2 - BHO: (no name) - {2AAB6DBA-6E84-4F2E-B9C6-B98943FDD1E9} - C:\PROGRAM FILES\YMVLTCUB\YMVLTCUB.dll
O2 - BHO: (no name) - {0EC48F30-CBFF-4B65-AC77-2A0AE483885E} - C:\PROGRAM FILES\YMVLTCUB\YMVLTCUB.dll
O2 - BHO: (no name) - {8F130F5A-BFE0-41F1-9EEC-6208095E8C2D} - C:\PROGRAM FILES\YMVLTCUB\YMVLTCUB.dll
O2 - BHO: (no name) - {05AC3A58-C713-4B7E-8594-67984E3364C7} - C:\PROGRAM FILES\YMVLTCUB\YMVLTCUB.dll
O2 - BHO: (no name) - {9462A5A0-0EDF-4A1D-AE68-EECD2C8E8B6D} - C:\PROGRAM FILES\YMVLTCUB\YMVLTCUB.dll
O2 - BHO: (no name) - {D3653463-533A-4A39-9128-1DA4E1EAC271} - C:\PROGRAM FILES\YMVLTCUB\YMVLTCUB.dll
O2 - BHO: (no name) - {CC3BD418-FCFE-4EEE-96EF-002A294A937F} - C:\PROGRAM FILES\YMVLTCUB\YMVLTCUB.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL (file missing)
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\DLMAX.DLL (file missing)
O2 - BHO: (no name) - {955AE9CE-109E-4465-8CDC-6563B3E57104} - C:\PROGRAM FILES\YMVLTCUB\YMVLTCUB.dll
O3 - Toolbar: Begin2Search.com Bar - {207AEF46-0596-4966-A7BF-098F247E85BB} - C:\WINDOWS\SYSTEM\IC2_WIN.DLL
O4 - HKLM\..\Run: [secure] C:\WINDOWS\SYSTEM\VAUGHO.exe
O4 - HKLM\..\Run: [vmss] C:\WINDOWS\SYSTEM\VMSS\VMSS.EXE
O4 - HKLM\..\Run: [qpedbmoe] c:\windows\system\qpedbmoe.exe
O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SYSCHECKBOP32
O4 - HKLM\..\Run: [esizrc] C:\WINDOWS\SYSTEM\esizrc.exe
O4 - HKLM\..\Run: [vrxfxc] C:\WINDOWS\SYSTEM\vrxfxc.exe
O4 - HKLM\..\Run: [p4mW37Q] SFP_32.EXE
O4 - HKLM\..\Run: [YMVLTCUB] \Progra~1\YMVLTCUB\YMVLTCUB.exe
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKCU\..\Run: [NoAds] "C:\PROGRAM FILES\NOADS\NOADS.EXE"
O4 - HKCU\..\Run: [SYSMONNT] C:\WINDOWS\SYSTEM\SYSMONNT
O4 - HKCU\..\Run: [SpyWareWall] C:\PROGRA~1\SPYWAR~1\SpyWareWall.exe
O4 - HKCU\..\Run: [Y356RXc6l] RPCTHK32.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: popupwall.lnk = C:\Program Files\PopUpWall\PopUpWall.exe
O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM FILES\FLASHGET\jc_link.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM FILES\FLASHGET\jc_all.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\JETCAR.EXE
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\JETCAR.EXE
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://education.dellnet.com/ (file missing) (HKCU)

When done, delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.

Reboot in normal mode. If all OK, switch System Restore back on.

To get a reliable, fast, free and ad-free downloader, go to www.stardownloader.com
Don't use IE anymore, except for windoze-updates.
Go to www.getfirefox.com and use that from now on. It has a perfect popup- and other adware-stopper built in.
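
Added example, not part of either post and not HijackThis's own code: a small parser for the O2 and O4 line shapes quoted in the reply above. It groups BHO entries by the DLL they load and notes orphaned or path-less autostart entries. The function names and the triage heuristics are assumptions of this example.

```python
import re

# Entries copied from the fix list in the reply above (a subset, not the full log).
SAMPLE = r"""
O2 - BHO: SDWin32 Class - {202EDC9A-9F8D-4CBB-B5E5-17F0D6EEA011} - C:\WINDOWS\SYSTEM\ESIZR.DLL
O2 - BHO: (no name) - {2BCA368C-FC1E-4361-A359-7C081E9A60AC} - C:\PROGRAM FILES\YMVLTCUB\YMVLTCUB.dll
O2 - BHO: (no name) - {5DDD2E8F-F62C-481B-9B66-3AEC219B8A47} - C:\PROGRAM FILES\YMVLTCUB\YMVLTCUB.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL (file missing)
O4 - HKLM\..\Run: [p4mW37Q] SFP_32.EXE
O4 - HKCU\..\Run: [NoAds] "C:\PROGRAM FILES\NOADS\NOADS.EXE"
"""

BHO = re.compile(r"^BHO: .*? - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
                 r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
RUN = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")

def parse(log):
    """Turn HijackThis lines into dicts; paths are upper-cased (Windows is case-insensitive)."""
    entries = []
    for raw in log.splitlines():
        code, sep, body = raw.strip().partition(" - ")
        if not sep:
            continue
        e = {"code": code, "body": body}
        if code == "O2" and (b := BHO.match(body)):
            e.update(clsid=b["clsid"], path=b["path"].upper(), missing=bool(b["missing"]))
        elif code == "O4" and (r := RUN.match(body)):
            cmd = r["cmd"].strip('"')
            e.update(hive=r["hive"], key=r["key"], name=r["name"], cmd=cmd, bare="\\" not in cmd)
        entries.append(e)
    return entries

def bho_by_dll(entries):
    """Map each BHO DLL path to the CLSIDs registered against it."""
    groups = {}
    for e in entries:
        if "clsid" in e:
            groups.setdefault(e["path"], []).append(e["clsid"])
    return groups

def review_notes(entries):
    """Triage notes; the three heuristics here are assumptions of this example."""
    notes = [f"{len(c)} BHO CLSIDs load {p}" for p, c in bho_by_dll(entries).items() if len(c) > 1]
    for e in entries:
        if e.get("missing"):
            notes.append(f"orphaned BHO {e['clsid']} (file missing)")
        if e.get("bare"):
            notes.append(f"{e['hive']} {e['key']} [{e['name']}] has no path: {e['cmd']}")
    return notes
```

Calling `review_notes(parse(SAMPLE))` returns one note per finding. Grouping by DLL makes it visible when many CLSIDs in the list all resolve to a single file.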
 