First off, welcome to the forum. Now for the worky part.
First, please right-click on My Computer, and choose, Explore. Click on Tools, Folder Options, and then View. Make sure that there is a tic next to Display contents of System Folders, Show Hidden Files and Folders is selected, and Hide known file extensions is not selected. Now close Explorer.
Next, please download from my signature: CCleaner, Housecall, and SpySweeper. Update SpySweeper, and CCleaner.
+++++++++++++++++++++++++++++++++
Run Housecall. Let if fix everything that it finds, and allow it to run a second time. If it gives you the option of saving a log, please do so.
Now boot into Safe Mode. To learn how to do that, go to
Getting into Windows Safe Mode.
+++++++++++++++++++++++++++++++++
Run CCleaner, make sure that all options are selected, including Advanced. Answer OK or Yes to all warnings. Click on Analyze, then Run Cleaner. Repeat this until either no further files appear, or the same files reappear and cannot be cleaned. If you have files that cannot be cleaned, navigate to the location, right-click on the file and choose Properties. Click on the Security Tab, and Advanced button. Give yourself full ownership of the file, and then manually delete. If you cannot manually delete any file, please note that to post back here.
+++++++++++++++++++++++++++++++++
Now run Spy Sweeper, under Options, Sweep, make sure that all available options under Custom Sweep are selected. Run a full system scan, and let it quarantine everything that it finds. Make sure to save the log to post back here.
Next run AVG again, Under Scanner, Settings, choose Quarantine under How to act?, choose all available files to scan, and put tics next to all options, also select that it automatically generate a report. Run a full system scan.
+++++++++++++++++++++++++++++++++
While still in safe mode, open hijack this and click ‘perform system scan only’, and place a tick next to the following:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: Littlewoods Casino - {BAA37C20-5000-11DB-B0DE-0800200C9A66} - C:\Documents and Settings\Hung Vi\Desktop\Littlewoods Casino.lnk (file missing)
O9 - Extra 'Tools' menuitem: Littlewoods Casino - {BAA37C20-5000-11DB-B0DE-0800200C9A66} - C:\Documents and Settings\Hung Vi\Desktop\Littlewoods Casino.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
Click ‘fix checked’.
+++++++++++++++++++++++++++++++++
Next, navigate to the following folders/files and delete them:
C:\PROGRA~1\
PACIFI~1
C:\Documents and Settings\Hung Vi\Desktop\
Littlewoods Casino.lnk
+++++++++++++++++++++++++++++++++
Don’t forget to post the following:
1. the Spy Sweeper log
2. The AVG log
3. A New
HJT log. You need to run the
HJT AFTER all the other fixes have been done, so we can see the changes.
+++++++++++++++++++++++++++++++++
Also, I see you have KEMH.exe and JUAE.exe on your desktop, but I can find no record of them on the web. Do you use these applications? If not, please go to
Online malware scan and upload them, and post the results back here.
Thanks, and I look forward to your response.
v
PC Help Forum
» Security & Safety
» [Fixed] Hijackthis! Logs
»
[Pending] Instala.php! Argh
[Pending] Instala.php! Argh
thanks
Linear Mode
