Hi Helen,
It looks like an old variant of CoolWebSearch, going by the BHO entry
msiokn.dll entry.
Please go
here and download, unzip and then open CoolWebShredder. Then click on the
Updates button and follow the prompts. Next, run the program by clicking on the
Fix-> button.
CWS installs via the byte verifier exploit in M$ JavaVM so just surfing a page with an infected applet can install it with no user participation. So once you’ve run the above, it is vital that you go
here, click
Scan for updates in the main frame, and download and install
all CRITICAL updates recommended.
Then please run a new HJT! Scan, and check to fix the following entries, being sure to double check that you haven't missed any. Next, close
all browser windows and click the
Fix checked button…
O2 - BHO: FFB1 - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB1} - CWINDOWS\msiokn.dll
O4 - HKLM\..\Run: [WinInit] Win86.exe
O4 - HKLM\..\Run: [WinLogin] win32x.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - CWINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - CWINDOWS\web\related.htm
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} (loader Class) - http://dload.ipbill.com/del/loader.cab
Next, please double click on the
My Computer icon on the desktop. Go to
Tools | Folder Options, click on the
View tab and make sure that
Show hidden files and folders is checked. Also uncheck
Hide protected operating system files. Now click
Apply to all folders, then click
Apply then
OK.
Then boot into safe mode, (see
here for info if needed) and delete the entire contents of the C:\Windows\
Temp (or C:\WINNT\
Temp) folder, but
not the folder itself. Next please find and delete the following
bolded files...
C:\WINDOWS\
msiokn.dll
Win86.exe
win32x.exe
(you will need to search for the bottom two files, by going to
Start | Find | Files or Folders)
Then please boot back into normal mode and download AdAware 6 181 from
here.
Before you scan with AdAware, check for updates of the reference file by clicking
Check for updates now, and following the prompts.
Now to set it up for optimum performance...
Make sure the following settings are configured. Remember that
ON=GREEN.
From main window click
Start | Activate in-depth scan.
Then click
Use custom scanning options | Customize and have these options switched
ON...
Scan within archives
Scan active processes
Scan registryDeep scan registry
Scan my IE Favourites for banned URLs
Scan my host-files
Then click the
Settings button.. (the gear icon on the top row) then
Tweak | Scanning engine and check..
Unload recognised processes during scanning.
Cleaning engine.
Let windows remove files in use at next reboot.
and uncheck..
Automatically try to unregister objects prior to deletion.
Then click
Proceed, to save your settings.
Now click the
Scan button.
When scan is finished, check the little box to the left of each entry to select them for removal, and get rid of them.
Next, reboot again and download Spybot - Search & Destroy, from
here: if you haven't already got the program.
Click on
Settings, and
Settings again. Go to the
Webupdate section, and check
Display also available beta versions.
Now press
Online, and search for, and put a check mark next to all updates, and install following the prompts.
Next, close all Internet Explorer windows, and click
Check for Problems. Once the scan is complete, have SpyBot remove all it finds marked in
RED.
Next reboot and go
here, and run the online virus scan; choosing the
Autoclean option just before clicking the
Scan button. Then please post a new log for a final once over.
Cheers
Liam
-----------------------------------------------------------------------------------
Hi noneofthe above,
sorry.. I didn\'t see your post first time around. Please follow the instructions for posting a HJT log, and I\'ll have a look in the morning. :) 5 pints of real ale (T.E.A. (Traditional English Ale) by the Hogs Back Brewery) and it\'s now beddy bies... :D:D
Cheers
Liam