Hi TG,
The first thing you need to do, is to place Hijack This in it’s own folder (e.g. C:\HJT\….) so it can generate backup files to the same folder; needed should an entry be accidentally deleted. Then please run a new HJT! Scan, and check to fix the following entries, being sure to double check that you haven't missed any. Next, close
all browser windows and click the
Fix checked button…
O1 - Hosts: 203.161.127.141 www.dcsresearch.com
O3 - Toolbar: Enfish Find... - {1F680408-B58A-40B0-A330-50A344786F97} - C:\Program Files\Enfish Corporation\Client\EtiFndBr.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [WindowsRegKey upd4te2d4te] dcxrpaeur.exe
O4 - HKLM\..\RunServices: [WindowsRegKey upd4te2d4te] dcxrpaeur.exe
O4 - HKCU\..\Run: [Slingshot Tray App] C:\Program Files\Enfish Corporation\Client\EtiTray.exe /startup
O4 - HKCU\..\Run: [WindowsRegKey upd4te2d4te] dcxrpaeur.exe
O4 - Global Startup: Image Transfer.lnk = ?
O16 - DPF: EtiGrab - http://www.enfish.com/smart_install/etiGrab.cab
O18 - Protocol: eti - {3AAE7392-E7AA-11D2-969E-00105A088846} - C:\Program Files\Enfish Corporation\Client\EtiPBrkr.dll
Next, please double click on the
My Computer icon on the desktop. Go to
Tools | Folder Options, click on the
View tab and make sure that
Show hidden files and folders is checked. Also uncheck
Hide protected operating system files. Now click
Apply to all folders, then click
Apply then
OK.
Then boot into safe mode, (see
here for info if needed) and delete the entire contents of the C:\WINNT\
Temp folder, but
not the folder itself. Next please find and delete the following
bolded file...
C:\WINNT\System32\
dcxrpaeur.exe
..and this folder...
C:\Program Files\
Enfish Corporation
Then please boot back into normal mode and download AdAware SE from
here.
First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.
Next, we need to configure Ad-aware for a full scan.
Click on the Gear icon (second from the left) to access the preferences/settings window
1. In the General window make sure the following are selected:
· Automatically save log-file
· Automatically quarantine objects prior to removal
· Safe Mode (always request confirmation)
2. Click on the Scanning button on the left and select :
· Scan Within Archives
· Scan Active Processes
· Scan Registry
· Deep Scan Registry
· Scan my IE favorites for banned URL’s
· Scan my Hosts file
· Under Click here to select drives + folders, choose:
· All of your hard drives | Proceed
3. Click on the Advanced button on the left and select:
· Include additional process information
· Include additional file information
· Include environment information
4. Click the Tweak button and select:
· Under the Scanning Engine:
· Unload recognized processes & modules during scan
· Include additional Ad-aware settings in logfile
· Under the Cleaning Engine:
· Let Windows remove files in use at next reboot
5. Click on Proceed to save the settings.
6. Click Start and on the next screen choose:
· Use Custom Scanning Options
7. Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.
When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).
Next, please reboot again and download Spybot - Search & Destroy 1.3 from
here: if you haven't already got the program.
Click on
Updates | Download Updates, and follow the prompts.
Next, close all Internet Explorer windows, and click
Check for Problems. Once the scan is complete, have SpyBot remove all it finds marked in
RED.
Next, please reboot and post a new log for a final once over.
Then, you really need to update your security. XP is on SP2 now, and IE is on SP1. These patches cover huge holes in both operating system and browser. I'd suggest for the OS updates that you get a PC mag disc or similar.. If you're on dial up, it takes forever. The IE patches take less time though. Just lick on teh Windows update button, or go url=http://v4.windowsupdate.microsoft.com/en/default.asp]
here[/url], click
Scan for updates in the main frame, and download and install
all CRITICAL updates recommended. (Again, unless you're on broadband, do the OS patches off a disc.
I've just seen that you sent a new PM, so I'll just go and read that, and then I have to pop out for a an hour. I'll check up how you're doing later.
Cheers
Liam
---------------------------------------------------------------------------------
A member of the
Alliance of Security Analysis Professionals since 2004.