Doesn't look too bad, but there is a couple of files on there we need to upload before fixing.
Show hidden files through windows explorer
- Access Windows Explorer by clicking Start, point to All Programs, Accesories, and then click Windows Explorer. Or hold the windows key and press E
- On the Tools menu in Windows Explorer, click Folder Options
- Click the View tab.
- Under Hidden files and folders, click Show hidden files and folders
- Remove the checkmark from the checkbox labeled Hide protected operating system files
- Remove the checkmark from the checkbox labeled Hide file extensions for known file types
- Put a checkmark in the checkbox labeled Display the contents of system folders.
Upload a File to Virustotal
Please visit Virustotal found
HERE
- Click the Browse... button
- Navigate to the file C:\WINDOWS\nlcdx1.dll
- Click the Open button
- Click the Send button
- Copy and paste the results back here please.
Do the same for
C:\WINDOWS\System32\opdp.dll
----------------------------------------------------------------------
CCleaner
- Download from HERE
- Close all browsers.
- Run the programme and make sure all the boxes are ticked under the Windows and Applications tabs, Also check All Advanced tabs(except for the Old prefetch Data option, this should be unticked)
- Click the run cleaner button. Do this several times
----------------------------------------------------------------------
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: IEsys - {58A53F72-7365-11DC-8314-0800200C9D66} - C:\Program Files\IE System\ie-improver.dll
O2 - BHO: Class - {7F930064-260E-B0C2-9EFB-0727EBD828C3} - C:\WINDOWS\nlcdx1.dll
O3 - Toolbar: (no name) - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - (no file)
O4 - HKLM\..\Run: [{307022FF-05FD-1033-0524-020111230001}] "C:\Program Files\Common Files\{307022FF-05FD-1033-0524-020111230001}\Update.exe" te-110-12-0000213
O4 - HKCU\..\Policies\Explorer\Run: [{307022FF-05FD-1033-0524-020111230001}] "C:\Program Files\Common Files\{307022FF-05FD-1033-0524-020111230001}\Update.exe" te-110-12-0000213
O18 - Filter: text/plain - {0F7D83CD-3671-4B3F-950B-D0D48877011D} - C:\WINDOWS\System32\opdp.dll
O21 - SSODL: GqRDnNKO - {30702300-9ADA-89AA-1E42-B60061CE1452} - C:\WINDOWS\System32\cebf.dll (file missing)
O24 - Desktop Component 0: Warning homepage - C:\WINDOWS\warnhp.html
Now
close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.
Please go to Start > Control Panel >
Add/Remove Programs and remove the following (if present):
IE System
{307022FF-05FD-1033-0524-020111230001}<- if there
Please note any other programs that you don't recognize in that list in your next response.
Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these
folders (if present):
C:\Program Files\Common Files\{307022FF-05FD-1033-0524-020111230001}
C:\Program Files\IE System
Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these
files (if present):
C:\WINDOWS\warnhp.html
C:\WINDOWS\System32\cebf.dll
C:\WINDOWS\System32\opdp.dll
C:\WINDOWS\nlcdx1.dll
After that, Reboot, and post a new HijackThis log here in a reply
--------------------------
Run Kaspersky Online AV Scanner
Order to use it you have to use Internet Explorer.
Go to
Kaspersky and click the
Accept button at the end of the page.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
- Read the Requirements and limitations before you click Accept.
- Allow the ActiveX download if necessary.
- Once the database has downloaded, click Next.
- Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
- Click on "My Computer"
- When the scan has completed, click Save Report As...
- Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
- Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Attach the report into your next reply
So
1)Virus total results
2)HJT
3)kaspersky
