Member Panel

ladygreenwitch

Hello Oni-Neko,

Welcome to PCHF from me as well. Let me have a look at your HijackThis log. BRB

LGW

ladygreenwitch

:smiley: Hey Oni-Noki,

Can you please post your ewido log as well. Thanks,

LGW

Oni-Neko

Well, it's a good thing I saved it... whew. I was afraid I'd have to spend another hour doing a scan!

Thank you for all your help, in advance. It's a relief just knowing that -someone- here knows what they're doing.

Hahaha!

ladygreenwitch · 08:03 PM

:cheesy: Great job, it's always disconcerting facing a long scan a second time. LOL

Thanks for that it was very useful.

Please download the following to your desktop Fixwareout and Hoster
also please download Housecall from my signature.

Run the Housecall scan and allow it to fix all it finds.

Next please go to Add/Remove programs, and remove Spyware Cleaner if it is listed.

Now run Fixwareout. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items, if they are there:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\msblank.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R3 - URLSearchHook: (no name) - {DD47BF0F-1101-EA36-8A93-385C6E115BAF} - scanSYS.dll (file missing)
O4 - HKLM\..\Run: [corrida] syspanel.exe
O4 - HKLM\..\Run: [srbho] startman.exe
O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\system32\yaemu.exe
O4 - HKCU\..\Run: [ms-its] xsetup.exe
O4 - HKCU\..\Run: [CToolBar] SysSupport.exe
O4 - HKCU\..\Run: [utsgmon] br0ken.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O17 - HKLM\System\CCS\Services\Tcpip\..\{88DD865E-5692-4DE9-81C9-6647296AA71D}: NameServer = 85.255.116.90,85.255.112.207
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F97EF3F-45C0-42BC-81CB-BAE0563C1146}: NameServer = 85.255.116.90,85.255.112.207
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)

Click Fix Checked and OK, close out of HJT

Please delete any of the files in Bold that are still on your PC.

Now run Hoster, click on Restore Original Hosts, then OK. Close out of the program.

Next, please run CCleaner again as instructed previously, and then run another ewido scan. Also run HijackThis one more time. Please post the ewido and HJT logs as well as C:\fixwareout\report.txt back here.

Sorry, this may take a bit of time.

Look forward to your reply

TTFN

LGW

Oni-Neko

I'm having a few difficulties getting Housecall to work right now. Problably just the virus messing with the computer, though. Is it supposed to be web based? I had to download a kernel, but I was expected software.

If I'm doing anything wrong right now, let me know. Otherwise, scanning, logging, etc. is underway.

Thanks for all your help... btw, like my new avatar?

ladygreenwitch

SNAZZY! did you draw it yourself?

BTW, yes Housecall is a webbased virus scanner. You have a backdoor trojan that I was hoping it would remove, we can try some others when you are done with the rest of the fix.

LGW

Oni-Neko

Is Housecall supposed to take forever and seem like it's not doing anything? (sorry for such a quick repost... but I didn't ask in my last one)