Hi there Moods.
What happened here?
http://www.pchelpforum.com/hijackthi...445-virus.html
Boot up in SAFE MODE and stay in safe mode (hit F8 when booting up), until the entire fix is done.
Unzip Process Explorer and double click on procexp.exe
In the top section of the Process Explorer screen double click on winlogon.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.
Once you see this screen click on each instance of gebyv.dll and jkhhi.dll once and then click the kill button.
After you have killed all of the gebyv.dll and jkhhi.dll's under winlogon click OK.
Next, in the top section of the Process Explorer screen again, double click on explorer.exe and again click once on each instance of gebyv.dll and jkhhi.dll, then click the kill button.
Once you have done that click OK again.
Next run HijackThis and place a check beside each of the following:
O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS\System32\gebyv.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\SYSTEM32\jkhhi.dll
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1478E4ED-BC85-49C3-B37E-0954B4120F34}: NameServer = 85.255.116.107,85.255.112.184
O17 - HKLM\System\CCS\Services\Tcpip\..\{56C66515-6623-4C79-8B5E-1FD1DE6FDADD}: NameServer = 85.255.116.107,85.255.112.184
O17 - HKLM\System\CCS\Services\Tcpip\..\{682C9201-3AFB-4080-B6F7-97E1B5696A07}: NameServer = 85.255.116.107,85.255.112.184
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E2A7C95-EEA1-4768-9A7B-6FB08A804122}: NameServer = 85.255.116.107,85.255.112.184
O17 - HKLM\System\CS1\Services\Tcpip\..\{1478E4ED-BC85-49C3-B37E-0954B4120F34}: NameServer = 85.255.116.107,85.255.112.184
O20 - Winlogon Notify: gebyv - C:\WINDOWS\System32\gebyv.dll
O20 - Winlogon Notify: jkhhi - C:\WINDOWS\SYSTEM32\jkhhi.dll
Now click fix checked and close HijackThis.
Please copy the text in the quote below, and paste it into a blank notepad window.
Save it as vundo.reg and in the "save as" type box choose "all files".
Once you have saved it double click it and allow it to merge with the registry.
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8B55274-0F9A-41E5-9067-A3539BD9E860}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}]
[-HKEY_CLASSES_ROOT\CLSID\{581F22DA-7202-4F21-AEF3-114787156016}]
[-HKEY_CLASSES_ROOT\CLSID\{B8B55274-0F9A-41E5-9067-A3539BD9E860}]
[-HKEY_CLASSES_ROOT\CLSID\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}]
[-HKEY_CLASSES_ROOT\ATLDistrib Object]
[-HKEY_CLASSES_ROOT\ATLDistrib Object.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ATLDistrib Object]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ATLDistrib Object.1]
Start Killbox and place a tick next to [x]delete on reboot.
And press the "all files" button. (just above the yellow triangle)
Copy this list into the windows clipboard:
C:\WINDOWS\System32\gebyv.dll
C:\WINDOWS\SYSTEM32\jkhhi.dll
Back in Killbox go > file > paste from clipboard,
Click the red highlighted X button and say yes to the prompt, then click OK.
Exit Killbox and restart your PC.
After your computer has rebooted please run Hijackthis again and post a new Hijackthis log.
Also I see you have no AV, firewall and Windows isn't updated. Have a look in our download section for free firewalls and AVs.
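
Added example, not part of the original post: a short Python triage of the HijackThis entries listed above. It reports DLLs registered both as a BHO (O2) and as a Winlogon Notify package (O20), and NameServer lists set on more than one Tcpip interface key (O17). The function name `triage` and the regexes are assumptions written for this example; the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Subset of the log lines quoted in the post above.
SAMPLE_LOG = r"""
O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS\System32\gebyv.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\SYSTEM32\jkhhi.dll
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1478E4ED-BC85-49C3-B37E-0954B4120F34}: NameServer = 85.255.116.107,85.255.112.184
O17 - HKLM\System\CS1\Services\Tcpip\..\{1478E4ED-BC85-49C3-B37E-0954B4120F34}: NameServer = 85.255.116.107,85.255.112.184
O20 - Winlogon Notify: gebyv - C:\WINDOWS\System32\gebyv.dll
O20 - Winlogon Notify: jkhhi - C:\WINDOWS\SYSTEM32\jkhhi.dll
"""

BHO_RE = re.compile(r"^O2 - BHO: .* - (\{[0-9A-Fa-f-]+\}) - (.+)$")
DNS_RE = re.compile(r"^O17 - (.+?): NameServer = (.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (.+?) - (.+)$")


def triage(log_text):
    """Return (dlls_in_both_O2_and_O20, nameserver_lists_on_several_keys)."""
    bho, notify, dns = {}, {}, defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            # Windows paths are case-insensitive, so compare in lower case.
            bho[m.group(2).lower()] = m.group(1)
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notify[m.group(2).lower()] = m.group(1)
            continue
        m = DNS_RE.match(line)
        if m:
            servers = tuple(s for s in re.split(r"[ ,]+", m.group(2)) if s)
            dns[servers].append(m.group(1))
    # Same DLL loaded into the browser (BHO) and into winlogon.exe (Notify).
    both = sorted(set(bho) & set(notify))
    # Same resolver list written to more than one interface key.
    shared_dns = {s: keys for s, keys in dns.items() if len(keys) > 1}
    return both, shared_dns


if __name__ == "__main__":
    dlls, resolvers = triage(SAMPLE_LOG)
    print("DLLs in both O2 and O20:", dlls)
    for servers, keys in resolvers.items():
        print("NameServer", ",".join(servers), "set on", len(keys), "keys")
```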