Dear honduras,
(Note: Please read through these instructions a couple of times before executing the steps in this post.)
You may want to print out these instructions or save them as a text file with "Notepad" to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.
******************************
Your computer has a CoolWebSearch Infection.
Please download CoolWebShredder, extract it and run the program. Press the "Fix Button". Let it fix all variants.
Please restart your computer.
****************************
Please download and run a Free Trial of Trojan Hunter at
http://www.misec.net...rojanHunter.exe. Please restart your computer.
Please run the Housecall online virus scan located at:
http://housecall.tre.../start_corp.asp. Follow the prompts to scan your hard drive for viruses. Select the "Autoclean" option so that Housecall will remove any viruses from your system. When the scan is finished, please restart your computer.
Then please run the Panda scan here:
http://www.pandasoft...n_principal.htm. Delete any viruses found, and restart your computer.
*******************************
Download, install, update, configure and run a scan with Ad-Aware SE at the following link:
http://rstones12.gee...areSE_setup.htm
Restart your computer.
*************************
Dear honduras, I would like you to add the VX2 Cleaner add-on to your Ad-Aware SE application. Here is how to do this:
How to use Lavasoft's VX2 Cleaner add-on
* Close Ad-Aware and Ad-Watch (if running)
* Download the free VX2 Cleaner here
* Install the VX2 Cleaner
* Start Ad-Aware
* Go to "Add-ons"
* Select the VX2 Cleaner add-on and click "Run Tool"
* If your computer isn't infected, click "Close".
* If your computer is infected, select "Clean System"
* Reboot your computer
* Scan your computer with Ad-Aware
* Remove any VX2 objects detected
* Reboot your computer again
* Run a second scan to make sure the files have been removed from your computer
See the following link:
http://www.lavasoft....x2cleaner.shtml
Please restart your computer.
*******************************
Next, please download and run Spybot Search and Destroy 1.4. Here is a link to download Spybot S & D 1.4.
Here is a link on how to use it: How to use Spybot S & D.
Please reboot your computer.
***************************
Please download About:Buster from here:
http://www.geekstogo...tion=show&id=25. Unzip the files to a convenient location such as C:\AboutBuster, and run AboutBuster.exe. Read the instructions then click OK to proceed. Click "Check for Updates", and then "Download Updates" to update About:Buster to the newest version. Then click Start to begin the scan. If prompted to end the Explorer.exe process, click Yes. Your desktop may disappear --- this is normal. Allow the program to scan twice, and when complete click "Save Log". This will create a text file called "AB Logfile.txt" in the folder where About:Buster is saved. Please post the entire contents of that logfile in your next reply to me.
Please restart your computer.
****************************
Click Start, then Control Panel, then Add and Remove Programs. Look for the following installed program/programs and if they are listed click on each one and then click on the Remove or Change button and if asked select "Yes" or "Ok" to remove:
Optional programs you can uninstall, through the Add/Remove program:
PSGuard is a "Spyware remover" of dubious repute. It is part of the "Rogue/Suspect Anti-Spyware Product" list. Go to the following web site:
http://www.spywarewa...nti-spyware.htm through your IE browser. In the IE browser menu bar click on "Edit" and Find (on this page). The "Find" dialog box should pop up, type in the "Find what" text box the following: "PSGuard", then click on the "Find Next" button. This should bring you to a spot on the web page that describes the problems with the "PSGuard" application.
Uninstall the following program/programs through Add/Remove programs:
PSGuard
Restart your computer.
**************************
Run HijackThis and click "Scan." Place checks next to the following entry/entries (if they exist):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.security2...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.security2k.net/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.security2...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.security2...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.security2...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.security2...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.security2k.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
F1 - win.ini: run=fntldr.exe (cws)
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe (smitfraud)
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.com
O1 - Hosts: 81.211.105.68 hot-searches.com
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hp83DE.tmp
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe (Transponder parasite updater/installer)
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe (Transponder parasite updater/installer)
O4 - HKLM\..\Run: [cnublt] c:\windows\system32\cnublt.exe
O4 - HKLM\..\Run: [AdPopup] C:\WINDOWS\epswad4.exe (adware)
Optional Fixes
I highly recommend that you fix these items:
If you choose to remove PSGuard, put a check next to the following entry as well:
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
Close all browser and other windows except for HijackThis, and click "Fix Checked" button to finish the repair. Close the HijackThis application.
Please reboot your computer into Safe Mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu). For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml
Next, make sure your PC is configured to show hidden files. Here is how to do this:
Windows XP
* Click "Start".
* Open "My Computer".
* Select the "Tools" menu and click "Folder Options".
* Select the "View" Tab.
* Under the "Hidden files and folders" heading select "Show hidden files and folders".
* Make sure "Hide extensions for known file types" is unchecked
* Uncheck the "Hide protected operating system files (recommended)" option.
* Click "Yes" to confirm.
* Click "OK".
Here is a link for further explanation:
http://www.xtra.co.n...1916458,00.html
Delete the following file/files marked in blue (if they exist):
fntldr.exe (Do a search for the following file and then delete it.)
C:\WINDOWS\conscorr.exe
C:\WINDOWS\satmat.exe
c:\windows\system32\cnublt.exe
C:\WINDOWS\epswad4.exe
Delete the following folder/folders marked in blue (if they exist):
C:\WINDOWS\nsdb
Optional folder/folders marked in blue to be deleted (if they exist):
If you uninstalled PSGuard you need to remove the next folder/folders also:
C:\Program Files\PSGuard
Finally, clean out temporary and Temporary Internet files. Go to Start -> Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:
Temporary Files
Temporary Internet Files
Recycle Bin
Restart your computer in normal mode, and then please post a new HijackThis log, along with the about:buster log.
In addition, let me know in detail how your computer system is running after performing the above steps.
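
Added example, not part of the original post: a small Python parser that reads HijackThis fix-list lines like the ones above and pulls out the files behind the autostart entries and the hosts redirections, so the list of checked entries can be cross-checked against the Safe Mode deletion list. The function name, the regular expressions and the default hosts path used for comparison are assumptions of this example; the sample lines are copied from the post.

```python
import re
from collections import Counter

# Constructed sample: a subset of the entries listed in the post above.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
F1 - win.ini: run=fntldr.exe (cws)
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.com
O1 - Hosts: 81.211.105.68 hot-searches.com
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hp83DE.tmp
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe (Transponder parasite updater/installer)
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")               # "O4 - <body>"
RUN = re.compile(r"^\S+: \[([^\]]+)\] (.+?\.\w{3})(?: \(.*\))?$")  # O4: [name] path (note)
BHO = re.compile(r"^BHO: .* - (\{[0-9A-Fa-f-]+\}) - (.+)$")  # O2: name - {CLSID} - path
HOST = re.compile(r"^Hosts: (\d{1,3}(?:\.\d{1,3}){3}) (\S+)$")  # O1: ip hostname
HOSTS_AT = re.compile(r"^Hosts file is located at: (.+)$")
INI = re.compile(r"^win\.ini: (?:run|load)=(\S+)")           # F1: run=/load= target
# Assumption: the standard Windows XP hosts location, used only for comparison.
DEFAULT_HOSTS = r"c:\windows\system32\drivers\etc\hosts"

def parse_fix_list(text):
    """Group fix-list lines by section and collect files and hosts redirects."""
    out = {"counts": Counter(), "files": [], "redirects": [],
           "hosts_path": None, "hosts_relocated": False}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # blank line or surrounding prose
        code, body = m.groups()
        out["counts"][code] += 1
        if code == "O4" and (r := RUN.match(body)):
            out["files"].append(r.group(2))
        elif code == "O2" and (b := BHO.match(body)):
            out["files"].append(b.group(2))
        elif code == "F1" and (i := INI.match(body)):
            out["files"].append(i.group(1))
        elif code == "O1" and (h := HOST.match(body)):
            out["redirects"].append((h.group(2), h.group(1)))
        elif code == "O1" and (p := HOSTS_AT.match(body)):
            out["hosts_path"] = p.group(1)
            out["hosts_relocated"] = p.group(1).lower() != DEFAULT_HOSTS
    return out
```

Run over a full fix list, `files` should line up with the files deleted in Safe Mode, and a `hosts_path` under `C:\WINDOWS\nsdb` corresponds to the folder the post removes.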