
I followed Dak's advice re "after five days" but that was a couple of weeks ago.
It's criminal that these malware types can put so many people into a state of anxiety.
Today's updated hjt is appended at http://forums.tomcoy...04
Thanks!
WGA
Posted 25 January 2006 - 10:55 AM
Posted 04 February 2006 - 10:13 AM
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
Posted 04 February 2006 - 11:17 AM
Hello wga, welcome to the forum.
Sorry about the delay in responding!
If you still need help, scan again with HijackThis, and "copy/paste" a new log file into this thread.
Posted 04 February 2006 - 11:22 AM
Posted 04 February 2006 - 06:21 PM
Please download the trial version of ewido anti-malware 3.5 here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
Then please run Ewido, click on the Scanner, run a full scan and let it clean everything it finds. Save the logfile from the scan.
Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
Posted 04 February 2006 - 06:29 PM
Posted 04 February 2006 - 07:06 PM
I suggest you do this:
Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.
Please do not delete anything unless instructed to.
Download: ResetProtocolDefaults.reg to your desktop.
http://www.mvps.org/...colDefaults.reg
Locate "ResetProtocolDefaults.reg"
Right-click and select: Merge (Ok the prompt)
Run HijackThis. Hit "None of the above", click "Do a System Scan Only". Put a check in the box on the left side on these:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {C72E6B1F-4984-346C-68C5-4CCD8F7AE844} - C:\WINDOWS\sdklf.dll (file missing)
O2 - BHO: Class - {CB3F3E7C-119E-F9E7-9AC4-5F32D3180EFD} - C:\WINDOWS\system32\d3kr32.dll (file missing)
Close ALL windows and browsers except HijackThis and click "Fix checked"
Open C:\Windows\Prefetch\ and delete ALL files in this folder.
Do this also if these Temp Folders are part of your OS.
Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
Next navigate to the C:\Documents and Settings\(EVERY LISTED PROFILE USER)\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.
Empty the Recycle Bin
Reboot and "copy/paste" a new HijackThis log file into this thread.
Also please describe how your computer behaves at the moment.
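An added example, not part of the original post and not HijackThis's own code: a small Python parser for the HijackThis entry lines listed above, which extracts each entry's section code and flags BHO registrations whose DLL is reported as "(file missing)". The regular expressions are assumptions derived only from the four lines shown in this thread, not from a HijackThis format specification.

```python
import re

# Constructed sample: the four entries the post above asks to be checked.
SAMPLE_LOG = r"""R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {C72E6B1F-4984-346C-68C5-4CCD8F7AE844} - C:\WINDOWS\sdklf.dll (file missing)
O2 - BHO: Class - {CB3F3E7C-119E-F9E7-9AC4-5F32D3180EFD} - C:\WINDOWS\system32\d3kr32.dll (file missing)
"""

# Assumed line shapes, inferred from the entries above.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
BHO = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
                 r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
REG_VALUE = re.compile(r"^(?P<key>HK[A-Z]+\\[^,]+),(?P<value>[^=]+?) = (?P<data>.*)$")


def parse_line(line):
    """Return a dict for one entry line, or None for headers and other text."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    entry = {"code": m["code"], "body": m["body"], "kind": "other"}
    bho = BHO.match(m["body"]) if m["code"] == "O2" else None
    reg = REG_VALUE.match(m["body"]) if m["code"].startswith("R") else None
    if bho:
        entry.update(kind="bho", name=bho["name"], clsid=bho["clsid"].upper(),
                     path=bho["path"], file_missing=bho["missing"] is not None)
    elif reg:
        entry.update(kind="registry", key=reg["key"],
                     value=reg["value"], data=reg["data"])
    return entry


def parse_log(text):
    """Parse every recognisable entry line in a pasted log."""
    return [e for e in map(parse_line, text.splitlines()) if e]


def orphaned_bhos(entries):
    """BHO registrations whose DLL no longer exists on disk (leftover keys)."""
    return [e for e in entries if e["kind"] == "bho" and e["file_missing"]]


if __name__ == "__main__":
    for e in orphaned_bhos(parse_log(SAMPLE_LOG)):
        print(e["clsid"], e["path"])
```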
Posted 04 February 2006 - 07:10 PM
Posted 04 February 2006 - 07:13 PM
Edited by LDTate, 04 February 2006 - 07:14 PM.
Posted 04 February 2006 - 07:20 PM
Let's try it this way.
Download this file from the link to your desktop.
http://www.mvps.org/.../DelDomains.inf
Click "Save" and save it to your desktop.
Right-click on the deldomains.inf file and select 'install'
Make sure you do the rest of the fix as well.
Posted 04 February 2006 - 07:22 PM
Posted 04 February 2006 - 07:35 PM
That worked and clued me in that it was a Firefox problem... when I switched to IE I got the download, used your deldomain source.
carrying on here...
Posted 04 February 2006 - 07:37 PM
Posted 04 February 2006 - 08:06 PM
Open HijackThis and do a scan and put a check by the ones I listed.
Posted 04 February 2006 - 08:16 PM