HJT Log

Status
Not open for further replies.

d00dette

Hello,

Here's my HJT log. Any advice on what to fix (I'm pretty sure there must be something) would be greatly appreciated.

Cheers,

Sophie
 

Attachment: hijackthis.log (5.3 KB)
Hello and welcome to Techspot.

You might want to copy and paste these instructions into a Notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

Turn off System Restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

Go to Add/Remove Programmes in your Control Panel and uninstall anything to do with the following (if there):

Network Monitor
ToolBar888

Close control panel.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services (if there) and select Stop if they are running. Set the startup type to Disabled. Click Apply/OK for each service you disable.

Network Monitor

Close the services window.

Open your Task Manager by holding down the Ctrl and Alt keys and pressing the Delete key.

Click on the Processes tab and end the process for the following (if there):

netmon.exe
_mzu_stonedrv8.exe
ibm00001.exe

Close task manager.

Run HJT with no other programmes open (except Notepad). Click the Scan button. Have HJT fix the following by placing a tick in the little box next to each (if there):

F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{38EBB736-0746-2057-0605-06030705002c}\MyToolBar.dll

O4 - HKLM\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe

O4 - HKLM\..\RunServices: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe

O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

O4 - HKCU\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe

O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{E3B70425-72A6-46A9-8FED-8D414936CD85}: NameServer = 131.111.8.42,131.111.12.20 (Only fix this if it doesn't belong to your ISP.)

O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\k4pm0e71eh.dll (file missing)

O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)

O21 - SSODL: JFiSXGS - {A8EBB737-0241-1D9D-7204-B91E9E0BDE6D} - C:\WINDOWS\system32\zcen.dll (file missing)

O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following files and/or directories (if there).

C:\Program Files\Network Monitor (delete the entire folder)

c:\windows\system32\_mzu_stonedrv8.exe

C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe

C:\Program Files\Common Files\{38EBB736-0746-2057-0605-06030705002c}

Reboot into normal mode, turn System Restore back on and re-hide your protected OS files.

Post a fresh HJT log along with an AVG antispyware log. Let me know how your system is running.

Regards Howard :wave: :wave:

This thread is for the use of d00dette only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
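Added example (not part of the original thread, and not HijackThis's own code): a small Python triage script that parses HijackThis log lines like the ones listed above and flags the patterns the fix list relies on: entries marked (file missing) or (no file), a Shell= hijack in the F2 entry, a service with an unknown owner, binaries installed in a GUID-named folder, O16 ActiveX downloads from hosts outside a trusted list, O17 DNS servers (listed for manual confirmation) and the three process names named in this thread. The sample log is constructed from the entries quoted in the post, plus one benign-looking SoundMan O4 line added for contrast; that line and the trusted-host list are assumptions.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: the entries from the fix list above, plus one benign-looking
# O4 line (SoundMan) added here for contrast; that line is an assumption.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{38EBB736-0746-2057-0605-06030705002c}\MyToolBar.dll
O4 - HKLM\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - HKLM\..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3B70425-72A6-46A9-8FED-8D414936CD85}: NameServer = 131.111.8.42,131.111.12.20
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\k4pm0e71eh.dll (file missing)
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
"""

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
BINARY_RE = re.compile(r"[\w\-.]+\.(?:exe|dll)\b", re.I)
# A GUID used as a folder name, e.g. ...\Common Files\{38EBB736-...}\MyToolBar.dll
GUID_DIR_RE = re.compile(r"\\\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\\")
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

# The process names Howard told the poster to end; nothing else is assumed bad.
KNOWN_BAD = {"netmon.exe", "_mzu_stonedrv8.exe", "ibm00001.exe"}
# Hosts whose O16 ActiveX downloads are not flagged (assumption for the example).
TRUSTED_DPF_HOSTS = ("microsoft.com", "windowsupdate.com")


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split 'O4 - HKLM\\..\\Run: [...] ...' into its section code and body."""
    m = LINE_RE.match(line.strip())
    return {"section": m["sec"], "body": m["body"]} if m else None


def triage_entry(entry: Dict[str, str]) -> List[str]:
    """Return the reasons an entry deserves a closer look (empty list = nothing seen)."""
    sec, body = entry["section"], entry["body"]
    reasons: List[str] = []
    if "(file missing)" in body or "(no file)" in body:
        reasons.append("orphaned: registry points at a file that is not on disk")
    if sec == "F2" and "Shell=" in body:
        # Only "Shell=explorer.exe" is normal; anything appended runs at every logon.
        shell = body.split("Shell=", 1)[1].strip()
        if shell.lower() != "explorer.exe":
            reasons.append("shell hijack: extra program appended to Shell=")
    if sec == "O23" and "Unknown owner" in body:
        reasons.append("service binary carries no vendor information")
    if GUID_DIR_RE.search(body):
        reasons.append("binary installed in a GUID-named folder")
    if sec == "O16":
        host = re.search(r"https?://([^/\s]+)", body)
        if host and not host[1].lower().endswith(TRUSTED_DPF_HOSTS):
            reasons.append(f"ActiveX download from untrusted host {host[1]}")
    if sec == "O17" and "NameServer" in body:
        ips = IP_RE.findall(body.split("NameServer", 1)[1])
        reasons.append("DNS servers " + ", ".join(ips) + ": confirm they belong to your ISP")
    bad = sorted({n.lower() for n in BINARY_RE.findall(body)} & KNOWN_BAD)
    if bad:
        reasons.append("references known-bad binary " + ", ".join(bad))
    return reasons


def triage(log_text: str) -> List[Tuple[str, str, List[str]]]:
    """Flagged (section, body, reasons) triples for every parseable line in the log."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage_entry(entry)
        if reasons:
            findings.append((entry["section"], entry["body"], reasons))
    return findings


if __name__ == "__main__":
    for sec, body, reasons in triage(SAMPLE_LOG):
        print(f"{sec}: {body}")
        for r in reasons:
            print("    ->", r)
```

Run it as a script to print the flagged entries with their reasons. The heuristics reproduce the reading done by hand above: an orphaned Winlogon Notify or SSODL entry is inert on its own but shows something was installed there and is worth cleaning, while a Shell= value with anything after explorer.exe means a second program is started at every logon.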
 
Hi Howard,

Thanks for all your info - I'll get to it ASAP. Just a quick question - since I'm the only person using my laptop, doesn't that mean I have to boot in Administrator mode?

Thanks,

Sophie
 
Please follow the instructions as presented; that includes booting into safe mode under your usual user name.

Regards Howard :)

 
Hi Howard,

Thanks for all your help - my system seems to be running normally now. I was wondering, though: how would I know if this file:

O17 - HKLM\System\CCS\Services\Tcpip\..\{E3B70425-72A6-46A9-8FED-8D414936CD85}: NameServer = 131.111.8.42,131.111.12.20

belongs to my ISP or not?

Cheers,

Sophie

P.S. HJT log attached.

Sorry, here it is. Glancing at it again, I see that Toolbar888's still there...
 
Edit: Your HJT log is now clean.

Have HJT fix this inactive entry.

O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{38EBB736-0746-2057-0605-06030705002c}\MyToolBar.dll (file missing)

THIS is the info that comes up on a Whois search for that IP address.

Cambridge University. If that's correct, then don't fix the O17 entry.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

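Added example (not from the thread) of the check the question above asks for, in Python. A whois lookup (for instance `whois 131.111.8.42` from a shell) is done once, outside this code, and returns the organisation and address range a resolver belongs to; the script then pulls the NameServer addresses out of the O17 line and tests each one against those expected ranges. The thread's whois attributed the addresses to Cambridge University; treating 131.111.0.0/16 as that allocation is an assumption for the example, and a home user would substitute the ranges whois returns for their own ISP.

```python
import ipaddress
import re
from typing import Dict, List

# The O17 line quoted in the thread.
O17_LINE = (r"O17 - HKLM\System\CCS\Services\Tcpip\..\{E3B70425-72A6-46A9-8FED-8D414936CD85}: "
            "NameServer = 131.111.8.42,131.111.12.20")

# Ranges the resolvers are allowed to live in. Whois attributed the thread's addresses
# to Cambridge University; 131.111.0.0/16 as that allocation is an assumption here.
EXPECTED_RESOLVER_NETS = [ipaddress.ip_network("131.111.0.0/16")]


def nameservers_from_o17(line: str) -> List[str]:
    """Pull the comma-separated NameServer list out of a HijackThis O17 entry."""
    m = re.search(r"NameServer\s*=\s*([\d.,\s]+)", line)
    if not m:
        return []
    return [ip.strip() for ip in m[1].split(",") if ip.strip()]


def classify_resolver(ip_text: str, expected=EXPECTED_RESOLVER_NETS) -> str:
    """'local' for LAN/loopback, 'expected' inside the ISP ranges, else 'unexpected'."""
    ip = ipaddress.ip_address(ip_text)
    if ip.is_private or ip.is_loopback:
        return "local"        # a home router or the machine itself; normal on a LAN
    if any(ip in net for net in expected):
        return "expected"     # inside a range whois attributes to your ISP/organisation
    return "unexpected"       # fix the O17 entry: someone else is answering your DNS


def check_o17(line: str, expected=EXPECTED_RESOLVER_NETS) -> Dict[str, str]:
    """Classify every resolver named in an O17 line."""
    return {ip: classify_resolver(ip, expected) for ip in nameservers_from_o17(line)}


if __name__ == "__main__":
    for ip, verdict in check_o17(O17_LINE).items():
        print(f"{ip}: {verdict}")
```

Addresses in private ranges (a home router handing out 192.168.x.x) are reported as local rather than unexpected, since that is normal on a LAN. An address that is neither local nor inside the expected ranges is the case in which the O17 entry should be fixed: whoever runs that server decides where your browser ends up.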
 
I have edited my post above because our posts crossed.

Regards Howard :)

 
When I right click on my toolbar, toolbar888 still comes up as an option. Does this mean it's not fully removed from the system?

Cheers,

Sophie
 
Please post a fresh HJT log.

Regards Howard :)

 
In that case, please give me details.

Post a fresh HJT log. I also require a fresh AVG Antispyware log. You can find instructions for AVG Antispyware HERE.

Regards Howard :)

 
Download the Pocket Killbox programme from HERE. Extract it to your desktop.

Run HJT with no other programmes open. Click the Scan button. Have HJT fix the following by placing a tick in the little box next to it (if there).

O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{38EBB736-0746-2057-0605-06030705002c}\MyToolBar.dll (file missing)

Click on the fix checked button.

Close HJT.

Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the "Delete on Reboot" option. Press the Delete File button (it looks like a red circle with a white X). It will prompt you to reboot; select No until you have finished entering the files you want to delete, and only then allow it to reboot. Hopefully your files will then be deleted.

This is the filepath you need to enter into killbox.

C:\Program Files\Common Files\{38EBB736-0746-2057-0605-06030705002c}\MyToolBar.dll

Once your system has rebooted, post a fresh HJT log. You must also install and run AVG Antispyware and attach its log, as per these instructions HERE.


Regards Howard :)

 
When I try to delete the file using Killbox it gives me this message:

PendingFileRenameOperations Registry Data has been removed by External Process!

Any advice?

Cheers,

Sophie
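Added example (not Killbox's code) showing what the error message above refers to. Killbox's "delete on reboot" relies on the Windows API MoveFileEx with the MOVEFILE_DELAY_UNTIL_REBOOT flag, which does not touch the file itself but appends a source/destination pair to the REG_MULTI_SZ value PendingFileRenameOperations under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager; Session Manager carries out the queued deletes and renames early in the next boot, before anything can lock the file. The message means that value was cleared by another process before the reboot, so nothing was left in the queue. The Python below encodes and decodes the documented layout of that value so a pending queue can be inspected (the raw data can be read on a live system with `reg query` on that key); it does not write to the registry, and the file path is the one from the thread.

```python
from typing import List, Optional, Tuple

NT_PREFIX = "\\??\\"   # MoveFileEx records Win32 paths in NT form, e.g. \??\C:\foo.dll
PENDING_OPS_KEY = r"HKLM\SYSTEM\CurrentControlSet\Control\Session Manager"
PENDING_OPS_VALUE = "PendingFileRenameOperations"
# reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v PendingFileRenameOperations

# The file Howard asked Killbox to remove (from the thread); Killbox queues it via
# MoveFileEx(path, NULL, MOVEFILE_DELAY_UNTIL_REBOOT).
MYTOOLBAR = r"C:\Program Files\Common Files\{38EBB736-0746-2057-0605-06030705002c}\MyToolBar.dll"


def strip_nt(path: str) -> str:
    """Turn \\??\\C:\\x back into C:\\x."""
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def encode_pending_ops(ops: List[Tuple[str, Optional[str]]]) -> bytes:
    """Build the REG_MULTI_SZ data MoveFileEx writes: source, destination pairs.

    A None destination is stored as an empty string and means "delete at boot".
    A rename is stored as "!\\??\\dest"; the leading "!" is the
    MOVEFILE_REPLACE_EXISTING marker.
    """
    strings: List[str] = []
    for src, dst in ops:
        strings.append(NT_PREFIX + src)
        strings.append("" if dst is None else "!" + NT_PREFIX + dst)
    # REG_MULTI_SZ: each string NUL-terminated, then one more NUL ends the list.
    return ("".join(s + "\0" for s in strings) + "\0").encode("utf-16-le")


def decode_pending_ops(raw: bytes) -> List[Tuple[str, Optional[str]]]:
    """Inverse of encode_pending_ops; a removed/empty value decodes to []."""
    text = raw.decode("utf-16-le")
    if text.endswith("\0"):
        text = text[:-1]                  # drop the list terminator
    parts = text.split("\0")[:-1]         # every string ends in NUL, so drop the tail
    if len(parts) % 2:
        raise ValueError("value must hold source/destination pairs")
    ops: List[Tuple[str, Optional[str]]] = []
    for src, dst in zip(parts[0::2], parts[1::2]):
        dst = dst.lstrip("!")             # replace-existing marker carries no path info
        ops.append((strip_nt(src), None if dst == "" else strip_nt(dst)))
    return ops


def describe(ops: List[Tuple[str, Optional[str]]]) -> List[str]:
    """Human-readable form of a decoded queue."""
    return [f"delete {src}" if dst is None else f"rename {src} -> {dst}" for src, dst in ops]


if __name__ == "__main__":
    queued = encode_pending_ops([(MYTOOLBAR, None)])
    print(queued.hex(" "))
    print(describe(decode_pending_ops(queued)))
    print(describe(decode_pending_ops(b"")))   # what Killbox found: nothing queued
```

An empty value decodes to an empty list, which is exactly the state Killbox's message describes. In a live triage you would read the value back just before rebooting and confirm the entry is still there; if it keeps disappearing, something running on the machine is watching that key, which is itself a finding.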
 
Post the log files I asked for please.

Regards Howard :)

 
I have asked you several times to post an AVG Antispyware log. Despite this, no such log has been posted.

Unless you post an AVG Antispyware log I can`t help you any further.

Regards Howard :(

 
Delete all files in AVG Antispyware quarantine.

1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

2. Download the attached avengerscript.txt and save it to your desktop

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by double clicking on its icon on your desktop.

Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will restart your computer. (In cases where the script contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop; this is normal.
After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt.
The Avenger will also have backed up all the files, etc., that you asked it to delete, zipped them and moved the zip archive to C:\avenger\backup.zip.

5. Once it reboots, please copy/paste the content of C:\avenger.txt into your reply and post a fresh HJT log.

Regards Howard :)

 
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\rmctyxma

*******************

Script file located at: \??\C:\tpofhsxv.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Documents and Settings\Sophie Erskine\Local Settings\Temporary Internet Files\Content.IE5\IBUJI1YF\speedtest2[1].dll deleted successfully.
File C:\Documents and Settings\Sophie Erskine\Local Settings\Temp\ICD1.tmp\UWA6P_0001_N91M1807NetInstaller.exe deleted successfully.
File C:\Documents and Settings\Sophie Erskine\Local Settings\Temp\ICD2.tmp\UWA6P_0001_N91M1807NetInstaller.exe deleted successfully.


Could not open file C:\Documents and Settings\Sophie Erskine\Local Settings\Temp\Temporary Internet Files\Content.IE5\0A2LM56Y\WinAntiVirusPro2006FreeInstall[1].cab/UWA6P_0001_N91M1807NetInstaller.exe for deletion
Deletion of file C:\Documents and Settings\Sophie Erskine\Local Settings\Temp\Temporary Internet Files\Content.IE5\0A2LM56Y\WinAntiVirusPro2006FreeInstall[1].cab/UWA6P_0001_N91M1807NetInstaller.exe failed!

Could not process line:
C:\Documents and Settings\Sophie Erskine\Local Settings\Temp\Temporary Internet Files\Content.IE5\0A2LM56Y\WinAntiVirusPro2006FreeInstall[1].cab/UWA6P_0001_N91M1807NetInstaller.exe
Status: 0xc0000033

File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N91M1807NetInstaller.exe deleted successfully.


Could not open file C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N91M1807NetInstaller.exeC:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe for deletion
Deletion of file C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N91M1807NetInstaller.exeC:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe failed!

Could not process line:
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N91M1807NetInstaller.exeC:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe
Status: 0xc0000033

File C:\WINDOWS\Temp\ICD1.tmp\UWA6P_0001_N91M1807NetInstaller.exe deleted successfully.


Could not open file C:\Program Files\Common Files\{38EBB736-0746-2057-0605-06030705002c}\MyToolBar.dll for deletion
Deletion of file C:\Program Files\Common Files\{38EBB736-0746-2057-0605-06030705002c}\MyToolBar.dll failed!

Could not process line:
C:\Program Files\Common Files\{38EBB736-0746-2057-0605-06030705002c}\MyToolBar.dll
Status: 0xc000003a


Completed script processing.

*******************

Finished! Terminate.
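Added example (not Avenger's code): a Python parser for the Avenger log format shown above, separating the successful deletions from the "Could not process line" blocks and decoding the NTSTATUS codes Avenger reports. The sample is constructed from the lines of the log above. It also names the two causes visible in that log: in one failed entry a second drive letter appears in the middle of the path, which is two script lines run together without a line break, so the name is invalid (0xc0000033, STATUS_OBJECT_NAME_INVALID); in another the path uses a forward slash into a .cab archive, which is not a file path the kernel can open; and for MyToolBar.dll the status 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) means the GUID folder itself no longer exists, consistent with it having been deleted in the first round of instructions.

```python
import re
from typing import Dict, List

# Constructed from the Avenger log posted above: one success and the three failures.
AVENGER_LOG = r"""
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe deleted successfully.

Could not process line:
C:\Documents and Settings\Sophie Erskine\Local Settings\Temp\Temporary Internet Files\Content.IE5\0A2LM56Y\WinAntiVirusPro2006FreeInstall[1].cab/UWA6P_0001_N91M1807NetInstaller.exe
Status: 0xc0000033

Could not process line:
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N91M1807NetInstaller.exeC:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe
Status: 0xc0000033

Could not process line:
C:\Program Files\Common Files\{38EBB736-0746-2057-0605-06030705002c}\MyToolBar.dll
Status: 0xc000003a

Completed script processing.
"""

NTSTATUS = {  # the codes Avenger prints are plain NTSTATUS values
    0xC0000033: "STATUS_OBJECT_NAME_INVALID",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
}
DELETED_RE = re.compile(r"^File (?P<path>.+) deleted successfully\.$")
STATUS_RE = re.compile(r"^Status: 0x(?P<code>[0-9a-fA-F]{8})$")
SECOND_DRIVE_RE = re.compile(r".[A-Za-z]:\\")   # a drive spec anywhere but at the start


def diagnose(path: str, code: int) -> str:
    """Explain a failed line from what the path itself shows, then from the status."""
    name = NTSTATUS.get(code, f"unknown NTSTATUS 0x{code:08X}")
    if SECOND_DRIVE_RE.search(path):
        return f"{name}: two script lines run together (second drive letter mid-path)"
    if "/" in path:
        return f"{name}: forward slash, path points inside an archive, not at a file"
    if code == 0xC000003A:
        return f"{name}: the containing folder is gone, so there is nothing left to delete"
    return name


def parse_avenger_log(text: str) -> Dict[str, List]:
    """Collect deleted paths and failed (path, status, why) records from an Avenger log."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    deleted: List[str] = []
    failed: List[dict] = []
    for i, line in enumerate(lines):
        m = DELETED_RE.match(line)
        if m:
            deleted.append(m["path"])
        elif line == "Could not process line:" and i + 2 < len(lines):
            # The offending path is on the next line, its NTSTATUS on the one after.
            status = STATUS_RE.match(lines[i + 2])
            if status:
                code = int(status["code"], 16)
                failed.append({"path": lines[i + 1], "status": code,
                               "why": diagnose(lines[i + 1], code)})
    return {"deleted": deleted, "failed": failed}


if __name__ == "__main__":
    result = parse_avenger_log(AVENGER_LOG)
    print("deleted:", len(result["deleted"]))
    for f in result["failed"]:
        print(f"FAILED 0x{f['status']:08x} {f['why']}\n    {f['path']}")
```

The practical use is deciding what to do next: a run-together or archive path is a mistake in the script and is fixed by correcting the script, while STATUS_OBJECT_PATH_NOT_FOUND for a file means the folder is already gone and no further deletion attempt will change anything, which matches the later report that the file could not be found on disk.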
 
You might want to copy and paste these instructions into a Notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

Turn off System Restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

Run HJT with no other programmes open (except Notepad). Click the Scan button. Have HJT fix the following by placing a tick in the little box next to it (if there).

O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{38EBB736-0746-2057-0605-06030705002c}\MyToolBar.dll (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following file (if there).

C:\Program Files\Common Files\{38EBB736-0746-2057-0605-06030705002c}\MyToolBar.dll (let me know if you manage to find this file)

Reboot into normal mode, turn System Restore back on and re-hide your protected OS files.

Post a fresh HJT log.

Regards Howard :)

 
Here it is - Toolbar888's still there, I'm afraid... Shall I try Killbox again?

Cheers,

Sophie

Oh, and the bold file wasn't there.
 
Ok, go HERE and follow the instructions. I would have told you earlier, but I have only just discovered this as of yesterday.

Post a fresh HJT log when done.

Regards Howard :)

 
Hi Howard,

Thanks for the link - it picked up on a whole new set of stuff. The only thing is, in order to remove anything, I need to pay for the full version...

I've attached the support log for this new program. Any advice?

Cheers,

Sophie

P.S. Shall I try to remove it manually?
 