Hi there EmattE. You also have an Lop infection on there.
Before fixing things with HijackThis Please Do the Following:
Show hidden files and folders:
For XP:
- On the Tools menu in Windows Explorer, click Folder Options.
- Click the View tab.
- Under Hidden files and folders, click Show hidden files and folders.
- If you see a warning message, click Yes.
- Click Apply.
- Click OK.
Disable System Restore to prevent re-infection.
(If you have/use it. You can turn it back on when your PC is clean).
How to disable system restore:
WinXP:
- Click the Start button.
- Right-click My Computer, and then click Properties.
- On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
Please download CCleaner.
You have a LOP infection that often comes together with Messenger Plus. To remove it we will try the simple way first.
1. Go to Add/Remove programs.
Double click on "Messenger Plus!" (or click on Remove)
read quote below please
2. The "Messenger Plus! - Setup" is now displayed.
Click on the Uninstall button.
Note: options displayed on the first screen are not related to the sponsor program.
3. The sponsor screen is now displayed (if you don't see it, search for it in your Task Bar). To prove that someone is currently reading the screen, you have to type the code that is displayed. Once you enter the code, press Uninstall.
4. If you entered the code properly, the program will ask you to confirm that you want to uninstall.
You must answer "Yes" to this question, else, you won't have another chance of uninstalling.
5. To complete the uninstallation, follow the instructions that are displayed (the first one is to close all your Internet Explorer windows, that's very important). When everything is complete, restart your computer and, hopefully one nasty infection is gone.
When removing Lop.com from the Add/Remove screen it may not show up as Messenger Plus, also look for these and remove them:
Window Search
Window Searching
Lop.com
LOP SEARCH
Browser Enhancer
Ultimate Browser Enhancer
Finally there is a step in the removal process of Messenger Plus where the sponsor asks if you want to uninstall that as well. You have to click YES to this part of the removal process.
If you don't do this correctly then you will have no other choice but to reinstall Messenger Plus and then go through the whole removal process again from the start.
Also uninstall "Cram Toolbar" in add/remove programs if present there.
Then boot in safe mode (hit F8 when booting up) and fix these with hjt (if still present):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lvfmtlfispxm.com/YStPeAYb...902eoy0HSarCxH y907HRT9hHDs.jpg
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ptuuvekqttuna.biz/5Ab2RVV...q4DzXmc2M4.htm
R3 - URLSearchHook: (no name) - _{01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
R3 - URLSearchHook: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
O2 - BHO: (no name) - {9C6F86B2-B9D7-9548-027B-B20CB62835A1} - C:\DOCUME~1\DEAN~1.DG-\APPLIC~1\AMOKCR~1\View Funk.exe
O2 - BHO: (no name) - {313A1E4F-DB6E-F718-D0AD-3C308E4CBEF3} - blank (file missing)
O2 - BHO: (no name) - {900E023C-7550-A8BC-6EFD-4C6652B2F64C} - blank (file missing)
O2 - BHO: (no name) - {910D4B64-2EA8-3077-FE15-36AF4BCDC432} - blank (file missing)
O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
O4 - HKCU\..\Run: [Love Type] C:\DOCUME~1\Matt\APPLIC~1\META2L~1\Setup Army Drive.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
Delete the folders in bold, and run CCleaner. Also delete:
C:\ProgramFiles\Cram Toolbar
Copy the contents of Code box below to a notepad file. Save it to Desktop named Fixreg.reg and in the "save as" type box choose "all files".
Code:
REGEDIT4

[-HKEY_CLASSES_ROOT\CLSID\{01E69986-A054-4C52-ABE8-EF63DF1C5211}]
[-HKEY_CLASSES_ROOT\CLSID\{1395A06F-EEA0-4445-BA0C-E8B56B48E244}]
[-HKEY_CLASSES_ROOT\Interface\{9D5C62AE-57B0-43C3-BAE4-BA7908DF4386}]
[-HKEY_CLASSES_ROOT\Interface\{F5BB1D9A-DA7B-4C5B-8272-1554B814E97F}]
[-HKEY_CLASSES_ROOT\ToolBand.XBTB00429]
[-HKEY_CLASSES_ROOT\ToolBand.XBTB00429.1]
[-HKEY_CLASSES_ROOT\TypeLib\{256CE99C-D5E1-4ACC-A538-2ED1E2710FAE}]
[-HKEY_CLASSES_ROOT\XBTB00429.IEToolbar]
[-HKEY_CLASSES_ROOT\XBTB00429.IEToolbar.1]
[-HKEY_CLASSES_ROOT\XBTB00429.XBTB00429]
[-HKEY_CLASSES_ROOT\XBTB00429.XBTB00429.1]
[-HKEY_CURRENT_USER\Software\Maxthon]
[-HKEY_CURRENT_USER\software\XBTB00429]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{01E69986-A054-4C52-ABE8-EF63DF1C5211}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E69986-A054-4C52-ABE8-EF63DF1C5211}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBarLayout]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1395A06F-EEA0-4445-BA0C-E8B56B48E244}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{01E69986-A054-4C52-ABE8-EF63DF1C5211}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\XBTB00429.XBTB00429Toolbar]
Now double click Fixreg.reg and allow it to add/merge with registry when prompted.
Reset the following settings:
Restore the default settings in Internet Explorer:
Click Start > Settings > Control Panel
Select Internet Options
Select the Programs tab
Click Reset Web Settings
Click OK
Exit the Control Panel.
Reset the Internet Explorer home page:
Start Microsoft Internet Explorer.
Connect to the Internet, and then go to the page that you want to set as your home page.
Click Tools > Internet Options.
In the Home page section of the General tab, click Use Current > OK.
I see that you don't have an AV, have a look in our download section for some free ones.
Also I would recommend to do at least one online AV scan, see below for a link.
After that please post a new hjt log to check.
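
The follow-up check on the new log can be scripted. The Python below is an added example, not part of the original post: it parses HijackThis-style lines and reports which fix-list entries are still present. The CLSIDs and the O4 entry come from the list above; the new log, its benign entry and the function names are constructed for illustration.

```python
import re

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O2 - BHO: ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_log(text):
    """Parse HijackThis-style lines into (section, body, clsids) tuples."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header lines and blanks do not match and are skipped
            section, body = m.groups()
            clsids = frozenset(c.upper() for c in CLSID.findall(body))
            entries.append((section, " ".join(body.split()), clsids))
    return entries

def still_present(fix_list, new_log):
    """Return the fix-list entries that show up again in the new log."""
    new = parse_log(new_log)
    hits = []
    for section, body, clsids in parse_log(fix_list):
        for n_section, n_body, n_clsids in new:
            if n_section != section:
                continue
            # Entries carrying a CLSID match on the GUID, since the file
            # column can change; the rest must match on the whole body.
            same = bool(clsids & n_clsids) if clsids else body.lower() == n_body.lower()
            if same:
                hits.append(f"{section} - {body}")
                break
    return hits

# Subset of the fix list from the post.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
O2 - BHO: (no name) - {313A1E4F-DB6E-F718-D0AD-3C308E4CBEF3} - blank (file missing)
O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
O4 - HKCU\..\Run: [Love Type] C:\DOCUME~1\Matt\APPLIC~1\META2L~1\Setup Army Drive.exe
"""
# Constructed follow-up log: two leftovers plus one unrelated (made-up) BHO.
NEW_LOG = r"""
Logfile of HijackThis (constructed sample)
O2 - BHO: (no name) - {313a1e4f-db6e-f718-d0ad-3c308e4cbef3} - (no file)
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\Example\benign.dll
O4 - HKCU\..\Run: [Love Type]  C:\DOCUME~1\Matt\APPLIC~1\META2L~1\setup army drive.exe
"""

if __name__ == "__main__":
    for hit in still_present(FIX_LIST, NEW_LOG):
        print("still present:", hit)
```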