Where to start. Follow these instructions carefully and in order
Download\install 'SuperAntiSpyware Home Edition Free Version' from
HERE
- Launch SuperAntiSpyware and click on 'Check for updates'.
- Once the updates have been installed, exit SuperAntiSpyware.
----------------------------------------------------------------------------------
Download and Run FixWareout
Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://download.bleepingcomputer.com/lonny/Fixwareout.exe
Save it to your desktop and run it. Click Next, then Install, then make sure
"Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
At the end of the fix, you may need to restart your computer again.
Remove bad HijackThis entries
- Run HijackThis
- Click on the Scan button
- Put a check beside all of the items listed below (if present):
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [1 mags 16 more] C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\SOFTWARE LOAD.exe
O4 - HKCU\..\Run: [Drv Cast] C:\DOCUME~1\esys\APPLIC~1\SHIMDE~1\Ball Way Regs.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk571IXGB
O17 - HKLM\System\CCS\Services\Tcpip\..\{0211D6FD-3B29-4B03-8F1D-29ECDF1C1040}: NameServer = 85.255.113.206,85.255.112.76
O17 - HKLM\System\CCS\Services\Tcpip\..\{18CD6433-FD3C-4CAC-A11B-5216468B7892}: NameServer = 85.255.113.206,85.255.112.76
O17 - HKLM\System\CCS\Services\Tcpip\..\{7AF1E4FE-107C-4649-B43B-302AB941E7EC}: NameServer = 85.255.113.206,85.255.112.76
O17 - HKLM\System\CCS\Services\Tcpip\..\{99585E16-D9D3-45F4-88C7-69927F37646D}: NameServer = 85.255.113.206,85.255.112.76
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8F95B28-4230-4D14-BF04-42BE50F606A0}: NameServer = 85.255.113.206,85.255.112.76
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.206 85.255.112.76
O17 - HKLM\System\CS1\Services\Tcpip\..\{0211D6FD-3B29-4B03-8F1D-29ECDF1C1040}: NameServer = 85.255.113.206,85.255.112.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.206 85.255.112.76
O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
- Close all open windows and browsers/email, etc...
- Click on the "Fix Checked" button
- When completed, close the application.
Now let's check some settings on your system.
(2000/XP) Only
In the Windows Control Panel: if you are using Windows XP's Category View, select the Network and Internet Connections category; otherwise double-click on Network Connections. Then right-click on your default connection (usually Local Area Connection for cable and DSL) and left-click on Properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically.
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be available on some systems.
----------------------------------------------------------------------------------
Copy and paste this section into Notepad and save it to your desktop to have while in Safe Mode.
Boot into Safe Mode
- Restart your computer and start pressing the F8 key on your keyboard.
- Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
----------------------------------------------------------------------------------
Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):
bandoo
Please note any other programs that you don't recognize in that list in your next response.
Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):
C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags
C:\Documents and Settings\esys\Application Data\SHIMDE~1 <- will start with shimde then be randomly named
c:\program files\bandoo
-----------------------------------------------------------------------------------
Scan with SuperAntiSpyware
- Start SuperAntiSpyware.
- On the main screen click on 'Scan your computer'.
- Check 'Perform Complete Scan', then click 'Next' to start the scan.
- SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
- Make sure everything found has a checkmark next to it, then press 'Next'.
- Click on 'Finish' when you've done.
It's possible that the program will ask you to reboot in order to delete some files.
Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Attach the Notepad file here on your next reply.
------------------------------------------------------------------------------------
Finally, please post:
1) a fresh HijackThis log
2) C:\fixwareout\report.txt
3) Superantispyware log
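
An added example, not part of the original post: a small Python check that reads a fresh HijackThis log and reports any O17 NameServer entries that still point at the two resolver addresses listed above. The function names and the sample log are constructed for illustration.

```python
import re

# Resolver addresses the post asks to remove from the O17 entries (taken from the page).
ROGUE_DNS = {"85.255.113.206", "85.255.112.76"}

# O17 line shape: O17 - HKLM\System\<set>\Services\Tcpip\<scope>: NameServer = a,b
# (the server list is comma- or space-separated, as both forms appear in the post).
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>[^\\]+)\\Services\\Tcpip\\(?P<scope>[^:]+): "
    r"NameServer = (?P<servers>.+)$"
)

def parse_o17(log_text):
    """Return one dict per O17 NameServer line: control set, scope, server list."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        servers = [s for s in re.split(r"[,\s]+", m.group("servers").strip()) if s]
        scope = m.group("scope")
        # HijackThis abbreviates the interface path as "..\{GUID}"; keep only the GUID.
        scope = scope[3:] if scope.startswith("..\\") else scope
        entries.append({"control_set": m.group("cset"), "scope": scope, "servers": servers})
    return entries

def remaining_hijacks(log_text, rogue=ROGUE_DNS):
    """Entries in a fresh log that still point at any of the listed resolvers."""
    return [e for e in parse_o17(log_text) if rogue.intersection(e["servers"])]

# Constructed sample: a fresh log after a partial fix; 192.168.1.1 is a made-up router address.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SomeApp] C:\Program Files\SomeApp\app.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0211D6FD-3B29-4B03-8F1D-29ECDF1C1040}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.206 85.255.112.76
"""

if __name__ == "__main__":
    for e in remaining_hijacks(SAMPLE_LOG):
        print(f"{e['control_set']} {e['scope']}: {', '.join(e['servers'])}")
```

An empty result on the fresh log means no O17 entry in any control set still references those resolvers.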