Hi :)
Please Click Start > Control Panel > Add/Remove Programs
Remove this, if present:
Zango Programs
Open HiJackThis clic "do a system scan only"
checkmark these if present:
O2 - BHO: H - {0A145003-CCA1-48e2-BADF-18331C76FC5F} - aswwer.dll (file missing)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\pmnmjig.dll
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
O4 - HKLM\..\Run: [gtcfaxaz.exe] C:\Documents and Settings\All Users\Application Data\gtcfaxaz.exe
O20 - Winlogon Notify: fccabcy - fccabcy.dll (file missing)
O20 - Winlogon Notify: pmnmjig - C:\WINDOWS\SYSTEM32\pmnmjig.dll
O20 - Winlogon Notify: winjjq32 - winjjq32.dll (file missing)
clic "fix checked"
Please Open notepad and copy/paste the text in the quotebox below into it:
Quote:
File::
C:\WINDOWS\system32\MailSpectre.exe
C:\WINDOWS\system32\drivers\smtpdrv.sys
C:\WINDOWS\system32\pmnmjig.dll
C:\WINDOWS\system32\aswwer.dll
C:\WINDOWS\shwol.dll
C:\Documents and Settings\All Users\Application Data\gtcfaxaz.exe
Folder::
C:\Program Files\Zango Programs
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A145003-CCA1-48e2-BADF-18331C76FC5F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gtcfaxaz.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccabcy]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmjig]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjjq32]
Save this as CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot (in case it asks to reboot),
Please download ATF Cleaner by Atribune.
* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the
Empty Selected button.
If you use
Firefox browser
* Click
Firefox at the top and choose: Select All
* Click the Empty Selected button.
*
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use
Opera browser
* Click
Opera at the top and choose: Select All
* Click the Empty Selected button.
*
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
This will remove all files from the items that are checked so if you have some cookies you'd like to save. please move them to a different directory first.
Please download
AVG Anti-Spyware to your Desktop or to your usual Download Folder.
* Install
AVG Anti-Spyware by double clicking the installer.
* Follow the prompts. Make sure that
Launch AVG Anti-Spyware is checked.
* On the main screen under
Your Computer's security.
* Click on
Change state next to
Resident shield. It should now change to
inactive.
* Click on
Change state next to
Automatic updates. It should now change to
inactive.
* Next to
Last Update, click on
Update now. (You will need an active internet connection to perform this)
* Wait until you see the Update succesfull message.
* Right-click the AVG Anti-Spyware Tray Icon and uncheck
Start with Windows.
* Right-click the AVG Anti-Spyware Tray Icon and select
Exit. Confirm by clicking
Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the
Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
Reboot your computer in
Safe Mode.
* If the computer is running, shut down Windows, and then turn off the power.
* Wait 30 seconds, and then turn the computer on.
* Start tapping the
F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
* Ensure that the
Safe Mode option is selected.
* Press
Enter. The computer then begins to start in Safe mode.
* Login on your usual account.
Once in Safe Mode:
Now we need to do a search.
Start > Search > For Files and Folders
Expand Search Options, check Advanced Options, check Search system folders, Search hidden files and folders, and Search Subfolders.
Paste this into the Search for files and folders named box:
fccabcy.dll
winjjq32.dll
If any of these files are found please delete them.
Close
ALL open Windows / Programs / Folders. Please start
AVG Anti-Spyware and run a full scan.
* Click on
Scanner on the toolbar.
* Click on the
Settings tab.
* Under
How to act?
* Click on
Recommended Action and choose
Quarantine from the popup menu.
* Under
How to scan?
* All checkboxes should be ticked.
* Under
Possibly unwanted software:
* All checkboxes should be ticked.
* Under
Reports:
* Select
Automatically generate report after every scan and uncheck
Only if threats were found.
* Under
What to scan?
* Select
Scan every file.
* Click on the
Scan tab.
* Click on
Complete System Scan to start the scan process.
* Let the program scan the machine.
* When the scan has finished, follow the instructions below.
IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
* Make sure that
Set all elements to: shows
Quarantine
(1), if not click on the link and choose
Quarantine from the popup menu.
(2) *At the bottom of the window click on the
Apply all Actions button.
(3)
* When done, click the
Save Scan Report button.
(4) *Click the
Save Report as button.
* Save the report to your Desktop.
* Right-click the AVG Anti-Spyware Tray Icon and select
Exit. Confirm by clicking
Yes.
Reboot back into Normal Mode
Post:
C:\combofix.txt
AVG Anti-Spyware log
Fresh
HiJackThis log
