How you getting on with the scans?
I've finished with the scans and I am just now going to Hijack this again and send it to you. Hopefully you'll be able to help> Thanks.
Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!
How you getting on with the scans?
I've finished with the scans and I am just now going to Hijack this again and send it to you. Hopefully you'll be able to help> Thanks.
Try downloading it again from the link in my signature and when then move the HJT.exe file to a permanent folder like C:\Hjt\hjt.exe or something like that and make a desktop shortcut to it. Then run it again.
-=jonnyrotten=-
ok now locate your download folder. If your using firefox you can click on the tab at the top thats called 'tools' and then 'downloads' You will see hijack this and from there you can open it. Once hijack this is open you will see the'scan button' click on that once. When finished the same button becomes 'save log' click on this once also. The text you will now see before you is what you need to paste in here for us to read.
ok, something we missed maybe. In your firefox browser. Go to 'tools' >>>'options' >>> 'downloads' >>> and tell me the location of your downloads please.
Hey, where the hijackthis is located is in my documents. It went into a notepad. Should I delete it?
Please put Hijack This in the following folder:
C:\DOCUME~1\HERNAN~1\\HijackThis.exe
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.
O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\HERNAN~1\LOCALS~1\Temp\gepjlmx.dat
O2 - BHO: (no name) - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - (no file)
O2 - BHO: CATLEvents Object - {8109AF33-6949-4833-8881-43DCC232B7B2} - C:\DOCUME~1\HERNAN~1\LOCALS~1\Temp\gepjlmx.dat
O2 - BHO: CATLEvents Object - {FD8609EC-7D7C-4778-AB8F-0053245550EF} - C:\DOCUME~1\HERNAN~1\LOCALS~1\Temp\cbdosmw.dat
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [hugidyxkv] C:\WINDOWS\System32\csuptfn.exe
O4 - HKLM\..\Run: [*wmsodbc] C:\WINDOWS\AppPatch\wmsodbc.exe
O4 - HKLM\..\RunOnce: [*wmsodbc] C:\WINDOWS\AppPatch\wmsodbc.exe rerun
O9 - Extra button: Support - {2754F965-C95A-47BB-B9FE-BEF46A515C3D} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
The following ip is BlackHawk Internet. You tell me you know little about computers, so i doubt you'll know this. If you have no connection with this have hijack fix these too:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bhawk.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bhawk.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bhawk.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BlackHawk Internet
O17 - HKLM\System\CCS\Services\Tcpip\..\{B49FDE2A-2F29-460A-870A-B6A021D64A6E}: NameServer = 12.148.201.34 12.148.201.35
Please reboot into safe mode - How do I boot into "Safe" mode?.
Be sure you're able to view hidden files, and remove the following files in bold (if found):
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\csuptfn.exe
C:\WINDOWS\AppPatch\wmsodbc.exe
Reboot your PC.
Download Ad-aware from: http://www.lavasoft.de/res/aaw6.exe
Install the program and launch it.
First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.
Next, we need to configure Ad-aware for a full scan.
-> Click on the Gear icon (second from the left) to access the preferences/settings window
1. In the General window make sure the following are selected:2. Click on the Scanning button on the left and select :
- Automatically save log-file
- Automatically quarantine objects prior to removal
- Safe Mode (always request confirmation)
-> Click on the Advanced button on the left and select:
- Scan Within Archives
- Scan Active Processes
- Scan Registry
- Deep Scan Registry
- Scan my IE favorites for banned URL’s
- Scan my Hosts file
- Under Click here to select drives + folders, choose:
- All of your hard drives
-> Click the Tweak button and select:
- Include additional process information
- Include additional file information
- Include environment information
- Include additional object details
-> Click on Proceed to save the settings.
- Under the Scanning Engine:
- Unload recognized processes during scanning
- Include basic Ad-aware settings in logfile
- Include additional Ad-aware settings in logfile
- Under the Cleaning Engine:
- Let Windows remove files in use at next reboot
-> Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page and then choose:-> Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.
- Use Custom Scanning Options
-> Save the log file when it asks and then click Finish
-> When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).
-> Reboot your computer.
If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working.
Nothing. It's yours so it's ok.Before I get started, two things...
Blackhawk Internet Communications, Inc. What should I do with those?
I f you've got it, great! Always check for updates before running.Shouldn't I have the updated versions already on my computer?
Nothing. It's yours so it's ok.Before I get started, two things...
Blackhawk Internet Communications, Inc. What should I do with those?I f you've got it, great! Always check for updates before running.Shouldn't I have the updated versions already on my computer?
Ok. Follow these new instructions:
Please put Hijack This in the following folder:
C:\DOCUME~1\HijackThis.exe
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.
O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\HERNAN~1\LOCALS~1\Temp\gepjlmx.dat
O2 - BHO: (no name) - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - (no file)
O2 - BHO: CATLEvents Object - {8109AF33-6949-4833-8881-43DCC232B7B2} - C:\DOCUME~1\HERNAN~1\LOCALS~1\Temp\gepjlmx.dat
O2 - BHO: CATLEvents Object - {FD8609EC-7D7C-4778-AB8F-0053245550EF} - C:\DOCUME~1\HERNAN~1\LOCALS~1\Temp\cbdosmw.dat
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [hugidyxkv] C:\WINDOWS\System32\csuptfn.exe
O4 - HKLM\..\Run: [*wmsodbc] C:\WINDOWS\AppPatch\wmsodbc.exe
O4 - HKLM\..\RunOnce: [*wmsodbc] C:\WINDOWS\AppPatch\wmsodbc.exe rerun
O9 - Extra button: Support - {2754F965-C95A-47BB-B9FE-BEF46A515C3D} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
Please reboot into safe mode - How do I boot into "Safe" mode?.
Be sure you're able to view hidden files, and remove the following files in bold (if found):
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\csuptfn.exe
C:\WINDOWS\AppPatch\wmsodbc.exe
Reboot your PC.
Ad-aware launch it.
First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.
Next, we need to configure Ad-aware for a full scan.
-> Click on the Gear icon (second from the left) to access the preferences/settings window
1. In the General window make sure the following are selected:2. Click on the Scanning button on the left and select :
- Automatically save log-file
- Automatically quarantine objects prior to removal
- Safe Mode (always request confirmation)
-> Click on the Advanced button on the left and select:
- Scan Within Archives
- Scan Active Processes
- Scan Registry
- Deep Scan Registry
- Scan my IE favorites for banned URL’s
- Scan my Hosts file
- Under Click here to select drives + folders, choose:
- All of your hard drives
-> Click the Tweak button and select:
- Include additional process information
- Include additional file information
- Include environment information
- Include additional object details
-> Click on Proceed to save the settings.
- Under the Scanning Engine:
- Unload recognized processes during scanning
- Include basic Ad-aware settings in logfile
- Include additional Ad-aware settings in logfile
- Under the Cleaning Engine:
- Let Windows remove files in use at next reboot
-> Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page and then choose:-> Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.
- Use Custom Scanning Options
-> Save the log file when it asks and then click Finish
-> When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).
-> Reboot your computer.
If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working.
0 members, 0 guests, 0 anonymous users
Community Forum Software by IP.Board
Licensed to: Geeks to Go, Inc.