OR you can do the following which will most likely remove all of the malware and spare you a reformat/reinstall.
You can download the
Norton Removal Tool and save it to your desktop to run later.
You can reopen HijackThis to [b['do system scan only'. You can check the following if present:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O23 - Service: DNADownloader - Unknown owner - C:\Program Files\GameSpot\DownloadManager_Win32.exe (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe See Option 1
Option 1:
P2P or 'file sharing: P2P Warning:
Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall
MioNet which is associated with the Mionet remote access and sharing network.
for the following reasons:
- As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verity that a download is legitimate.
- Malware writers use these program to include malicious content.
- Fie sharing is usually unmonitored and there is a danger that your private files might be accessed.
- The 'sharing' also includes malware that the shared system has on it.
- Files that are illegal can be spread through file sharing.
Please read the information on
P2P Warning to help you better understand these dangers.
Then you can close all Windows except HJT and click on
"Fix Checked."
You can then
Boot into Safe Mode
- Restart your computer and start pressing the F8 key on your keyboard.
- Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
And do the following:
- Double click on the Norton Tool on your desktop and follow the prompts to remove remaining Norton entries.
- Click on Start> Run type in [b[services.msc[/b]> double click on the following Services and set as instructed:
DNADownloader> reset Startup type to Manual
ccSvcHst (SYmantec)> reset to Disabled> Stop the Service
MioNet> Set to Manual if keeping. Set to Disabled is uninstalling.
Close Services.
Then you can reboot back into Normal Mode and do the following:
Please download ComboFix
HERE:
- With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
Important! Save the renamed download to your desktop.
- Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
- Double click on the setup file on the desktop to run
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
- When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
(Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.)
- Query- Recovery Console image
- Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
- Click on Yes, to continue scanning for malware.
- When finished, it will produce a log.Please include the C:\ComboFix.txt in your next reply.
Notes:
1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Follow with
Run Eset NOD32 Online AntiVirus Scanner HERE
Note: You will need to use Internet Explorer for this scan.
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the Active X control to install
- Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
- Click Start
- Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
- Click Scan
- Wait for the scan to finish
- Re-enable your Antivirus software.
- A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
Then you can update PicLens to Cooliris which it has been named for about 2 years and install the plug-in for Firefox
HERE I think you'll be please to learn that Cooliris allows you to make the wall of pictures from the images on your system as well as on the internet.
Then you can reset the Cookies so you don't pick up every Tracking Cookie on the internet:
Reset Cookies
For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'>
CHECK 'accept first party Cookies'>
CHECK 'Block third party Cookies'>
CHECK 'allow per session Cookies'> Apply> OK.
For Firefox: Tools> Options> Privacy> Cookies>
CHECK ‘accept Cookies from Sites’>
UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus
Easy List
After that, you could attach the Combofix report and Eset log to the next reply. This should show you a marked improvement.
OR
You can reformat and reinstall because someone didn't want to take the time to outline these things for you. Reformatting should be the last thing you do and only if nothing else works.
EDIT: By the way, most of the adware is My Web Search. This is easily gotten for downloading Fun Web Products which offers 'free' Smileys, Screensavers, Cursors, etc. While these are free to download, you do pay a price of having all their adware on the system- some from Mywebsearch, Mysearch, My Search Bar, My Way Speedbar. But all if not most has been removed and I didn't see any remaining in HJT.
