Virus Problem Solved !?


Mike S

Andy!

I think I have got it.

I have been following Ed/Edwin's post of a day earlier
who seemed to have the same problem and he wrote:

"I FOUND A SOLUTION!

Go to Control Panel, Appearance and Themes, change the
desktop background, click 'customize desktop', click web
tab and unclick any of the options that are ticked. It
worked for me and that annoying flashing grey background
went away."

It worked for me which furthers my belief that I had
deleted the virus with your earlier suggestions but that
it had left a switch tripped (my primitive understanding
of computers) and I continued to get that yellow warning
sign for my background.

I deleted PSGuard believing it to be a pop-up from the
warning sign.

It seems to me I should follow through with your Killbox
suggestion just to be thorough. Or should I not press my
luck and quit here?

Maybe I do one more check with Ewido in safe mode?

Thanks for all your help.
 
Hi Mike,

Nice to hear you may be nearly clean again. I did notice
the post by Edwin but wanted to make sure it's not changed
the registry on yours. If you have your desktop back and
it doesn't switch back when you reboot then hopefully
you've fixed that problem.

With Killbox this is quite important to make sure your
system is clean. I remembered you saying in an earlier post
that you searched for some of the bad files and they
appeared but wouldn't let you delete them, then the next
time you searched you couldn't find them.

If any of the malware files still exist, using Killbox
will take them out when you reboot. Killbox is a great
tool for files that just refuse to be deleted.

Most of the names I put should not exist anymore as they
are not showing in the Hijack log; it's just a way to clean
up and confirm there are no traces left, for example these
entries below that were in your log:

O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\system32\msmsgs.exe

O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\system32\hookdump.exe

Fixing these with Hijack will not remove the file from
the C drive; it will delete the registry run command that's
making the file start up when you reboot. Once you fix
them in Hijack This, it's best to enable hidden files and
folders and boot into safe mode, then remove the malware
files. With the malware files being in the Windows System32
folder they are running with Windows, so using Killbox
could be an easier option to delete all the crap when you
reboot.

If you think you're clean again now you may not need to do
this, but running Microworld's Escan is probably better at
this stage than running Ewido again. Escan doesn't delete
malware but it's very precise and will let you know if
anything remains.

Microworld's Escan

ftp://ftp.microworldsystems.com/download/tools/mwav.exe


Download to desktop, double click to extract & run. Tick
all possible scan locations (all folders and all
drives) then press scan. When it's finished scanning it
will display the results in the lower pane. You can copy and
paste that by left clicking and covering all the text,
then press Control & C to copy it.

If it says malware was found and you need to pay to
remove it, just shut it down and let it carry on
scanning. With the results, only remove files you're sure
about, as Escan will tag anything suspicious as a virus,
riskware, adware and other things like built-in tools such
as W32.reboot that AOL and other companies use to reboot
your system when you're upgrading their products.

If there's any crap left this scanner should find it for
you, but it does take a very long time so only use it if
you think it's needed.




To help you stay clean, here are some links to free programs
that protect your system:
----------------------------------------------------------

Spybot Search & Destroy 1.4

http://fileforum.betanews.com/download/Spybot_Search_and_Destroy/1043809773/1

(Use all updates and the immunize feature to block known
malicious sites)
----------------------------------------------------------

Ad-Aware SE

http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10399602.html?tag=sptlt_s

----------------------------------------------------------

Spyware Blaster

http://downloads.net-integration.net/spywareblastersetup34.exe

Prevents the installation of ActiveX-based spyware,
adware, browser hijackers, dialers, and other potentially
unwanted pests.
Block spyware/tracking cookies in Internet Explorer and
Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in
Internet Explorer.

----------------------------------------------------------

Spyware Guard

http://www.javacoolsoftware.net/downloads/spywareguardsetup.exe

SpywareGuard provides a real-time protection solution
against spyware that is a great addition to
SpywareBlaster's protection method.

----------------------------------------------------------

CWShredder

http://cwshredder.net/bin/CWShredder.exe

To remove Cool Web Search Variants

----------------------------------------------------------

Spyware Doctor:

http://www.freewebtown.com/sphecter/spydoc.exe

Once downloaded install -

Secondly visit this link for a free one year subscription
license:

http://www.pctools.com/spyware-doctor/free/pcuserau/

Once installed and you have entered your license code, run
live update to get the most recent spyware defs. Once
updated, do a full system scan with Spyware Doctor and
remove anything it finds.

**Note the free licence only works with Spyware Doctor
3.0 which is posted above; it doesn't work on the latest 3.2

----------------------------------------------------------

Trend Micro Anti-Virus (3 month free trial)

http://www.trendmicro.com/offers/ms-wsc/english.asp

----------------------------------------------------------

McAfee Anti virus (3 month free trial)

http://us.mcafee.com/root/landingpages/default.asp?lpname=ms_mpfp&cid=8437

----------------------------------------------------------

Norton Antivirus (3 month free trial)

http://www.symantecstore.com/dr/v2/ec_dynamic.main?sp=1&pn=47&sid=27674&cache_id=0

----------------------------------------------------------


Regards


Andy Manc
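
Andy's point above, that a HijackThis fix removes the Run value but leaves the file on disk, as an added Python example that is not part of the original thread: it parses O4 lines into the registry value and the command it launches, so both can be checked. The sample log is constructed from the two entries quoted in the post, wrapped as a mail or forum client might wrap them; expanding `..` to `Software\Microsoft\Windows\CurrentVersion` and rejoining wrapped lines by plain concatenation are assumptions of this sketch.

```python
import re

# Assumption: "..\" in an O4 line abbreviates this key path (HKLM and HKCU alike).
RUN_PARENT = r"Software\Microsoft\Windows\CurrentVersion"

O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# Constructed sample: the two entries quoted in the post, with wrapped lines.
SAMPLE = r"""
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\system32
\msmsgs.exe

O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\system32
\hookdump.exe
"""

def unwrap(text):
    """Rejoin log entries that were wrapped across lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if re.match(r"[A-Z]\d+ - ", line) or not entries:
            entries.append(line)
        else:
            # Continuation: concatenate (correct when the wrap fell inside a path).
            entries[-1] += line
    return entries

def parse_o4(text):
    """One dict per registry autorun entry: where the value lives, what it runs."""
    found = []
    for entry in unwrap(text):
        m = O4_RE.match(entry)
        if m:
            found.append({
                "registry_key": "\\".join([m["hive"], RUN_PARENT, m["key"]]),
                "value_name": m["name"],
                "command": m["cmd"],  # file that stays on disk after the fix
            })
    return found

if __name__ == "__main__":
    for e in parse_o4(SAMPLE):
        print("{registry_key} [{value_name}] -> {command}".format(**e))
```
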
 
Thanks Andy,

I think I will run killbox and escan later today to be
sure. I think it is taking a little longer for my
computer to start up. But, I am just a little fearful of
deleting something I need and not being able to restart
the computer.

I normally run Adaware and Spybot frequently but now
realize I would be best to run them in safe mode.
Certainly running CCleaner and HouseCall would be better
in safe mode as I suspect they would have been able to
get into many of the files that they said were
locked.

I used the free version of AVG which is kept updated so I
am not sure how I got this. AVG seemed to recognize the
virus, said it healed it, but did not.

I see from this site:

http://www.windowsforumz.com/Help-Support-Hijacked-AntiVirus-Gold-ftopict376880.html

That many people have been hit by this and some have not
recognized that AV Gold is just malware and not a real
antivirus program. I wonder how many have sent money to
get the virus fixed.

Thanks again,

Mike
Calgary, Canada

 
It's like you say Mike, it does seem to be causing a lot of
problems, very similar to the Smitfraud virus. Smitfraud
installs Security iguard and then the program keeps
giving you false positives to try to trick people into
paying them money, plus overwrites the desktop with an
error message that's difficult to remove.

I've not used AVG before but I'm surprised it let you get
so infected; maybe installing a strong firewall would
prevent that happening again.


Here are some good firewall sites if needed (I'm not sure if
AVG has a firewall so you may not need these)


http://www.kerio.com/kpf_download.html

http://soho.sygate.com/products/spf_standard.htm

http://www.agnitum.com/download/

http://www.symantecstore.com/dr/sat5/ec_MAIN.Entry16?V1=648702&PN=1&SP=10023&xid=49997&V5=11031981&S1=&S2=&S3=&S4=&S5=&V2=&V3=&V4=&DSP=0&CUR=840&PGRP=0&CACHE_ID=0




All The Best



Andy Manc
 
AndyManc presented the following explanation:
It's like you say Mike, it does seem to be causing a lot of
problems, very similar to the Smitfraud virus. Smitfraud
installs Security iguard and then the program keeps
giving you false positives to try to trick people into
paying them money, plus overwrites the desktop with an
error message that's difficult to remove.
I've not used AVG before but I'm surprised it let you get
so infected; maybe installing a strong firewall would
prevent that happening again.

This is a trojan and spyware, not a virus, I believe; therefore
a lot of users have problems with this.

Here are some good firewall sites if needed (I'm not sure if
AVG has a firewall so you may not need these)


http://www.kerio.com/kpf_download.html

http://soho.sygate.com/products/spf_standard.htm

http://www.agnitum.com/download/

http://www.symantecstore.com/dr/sat5/ec_MAIN.Entry16?V1=648702&PN=1&SP=10023&xid=49997&V5=11031981&S1=&S2=&S3=&S4=&S5=&V2=&V3=&V4=&DSP=0&CUR=840&PGRP=0&CACHE_ID=0

Must add ZoneAlarm to the list: ;)
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp

I am very pleased with Trend Micro's PC-cillin for the moment (virus,
firewall and manual spyware detection; not free):

http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/overview.htm


A good firewall test:
https://www.grc.com/x/ne.dll?bh0bkyd2
Press "Proceed" and then "Common ports" or "All service ports".
 