Hi, I did every step, but I was unable to find the file C:\WINDOWS\System32\31C533FD5F.dll in my computer, thus, I was unable to check it on Jotti's scanner.
Let's try to unhide the file then.
Click Start > Run > type cmd and hit enter.
Copy this line into the cmd window:
attrib -r -s -h C:\WINDOWS\System32\31C533FD5F.dll
Right-click in cmd window and choose paste from the popup menu. Hit Enter. Close the CMD window. Normally you should be able to see the file and upload it to Jotti's scanner.
______________________________
It doesn't look that bad as you might think. We will take care of the files found in System Volume Information first.
Turn off System Restore
- Click Start, right-click My Computer, and then click Properties.
- Click the System Restore tab.
- Select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
- Click Yes when you receive the prompt to turn off System Restore.
Turn System Restore back on
- Click Start, right-click My Computer, and then click Properties.
- Click the System Restore tab.
- Clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
______________________________
The first Kaspersky entries are nothing to worry about, they are backups made by the Apropos Fix. You may delete the folder on your Desktop since we don't need the tool anymore.
C:\Documents and Settings\Hang Zheng\Desktop\aproposfix
Using Windows Explorer, Search and Delete these Files if listed:
C:\installer_1.exe
If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again.
______________________________
Navigate to C:\Windows\Prefetch
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.
Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.
Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.
Clean out your Temporary Internet files. Proceed like this:
- Quit Internet Explorer and quit any instances of Windows Explorer.
- Click Start, click Control Panel, and then double-click Internet Options.
- On the General tab, click Delete Files under Temporary Internet Files.
- In the Delete Files dialog box, click to select the Delete all offline content check box, and then click OK.
- On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
- Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
- Click OK.
______________________________
Since you had various items on your PC, let's do a final cleanup.
If you already have the latest Ad-Aware SE 1.06 version, skip to Run Ad-Aware. Otherwise download Ad-Aware SE 1.06 from here and install it. Uncheck all the options before leaving the Install Wizard.
Run Ad-Aware and Click on the World Icon. Click the Connect button on the webupdate screen. If an update is available download it and install it. Click the Finish button to go back to the main screen.
Click on the Gear Icon (second from the left at the top of the window) to access the Configuration Window.
Click on the General Button on the left and select in green
- Under Safety
- Automatically save log-file
- Automatically quarantine objects prior to removal
- Safe Mode (always request confirmation)
- Under Definitions
- Prompt to update outdated definitions - set to 7 days
- Under Driver, Folders & Files
- Scan Within Archives
- Under Select drives & folders to scan
- choose all hard drives
- Under Memory & Registry
- Scan Active Processes
- Scan Registry
- Deep Scan Registry
- Scan my IE favorites for banned URL’s
- Scan my Hosts file
- Under Shell Integration
- Move deleted files to Recycle Bin
- Under Logfile Detail Level
- Include additional object information
- DESELECT - Include negligible objects information (make it show a red X)
- Include environment information
- Under Alternate Data Streams
- Don't log streams smaller than 0 bytes
- Don't log ADS with the following names: CA_INOCULATEIT
- Under the Scanning Engine (Click on the + sign to expand)
- DESELECT Unload recognized processes & modules during scan (make it show a red X)
- Scan registry for all users instead of current user only
- Under the Cleaning Engine (Click on the + sign to expand)
- Always try to unload modules before deletion
- During Removal, unload Explorer and IE if necessary
- Let Windows remove files in use at next reboot
- Under the Log Files (Click on the + sign to expand)
- Include basic Ad-aware SE settings in logfile
- Include additional Ad-aware SE settings in logfile
- Include reference summary in log file
- Include alternate data stream details in log file
______________________________
If Spybot - S&D 1.4 is already installed on your system, skip to Update Spybot - S&D before using it. Otherwise download Spybot - S&D from the following link:
Spybot - Search and Destroy
When you have downloaded the program, double click on the downloaded file to start the installation. Follow the default selections, pressing the Next button until you get to the Select Additional Tasks screen.
Under Permanent protection, make sure to uncheck the following items for now:
- Use Internet Explorer Protection
- Use system settings Protection (TeaTimer)
Launch Spybot - S&D
If you told Spybot to launch when it was done installing, the program should now be open. Otherwise find the icon on your desktop and double-click on it. When you use Spybot - S&D for the first time, it will prompt you for certain tasks to complete. Skip all tasks for now by pressing the Next button. Click on the button labeled Start using this program to begin using Spybot - Search & Destroy.
Update Spybot - S&D before using it
Click on the Search for Updates button. If there are available updates, they will be listed. Click on the Download Updates button and Spybot - S&D will download the updates and install them.
______________________________
Run Ad-Aware and Click on the Scan Now Button
- Choose Perform Full System Scan
- DESELECT Search for negligible risk entries, as negligible risk entries (MRU's) are not considered to be a threat. (make it show a red X)
Click the Next Button to get to the Scanning Results Window where more information about the objects detected during the scan is available. Click the Critical Objects Tab. In general all of the items listed will be bad. To fix all the bad critical objects, right click on one of them, click the Select All entry in the pop-up menu to mark all entries. Click Next and then OK in the dialog box to confirm the removal.
Reboot to complete the removal of what Ad-Aware SE found.
______________________________
Run Spybot - S&D
Click the button Check for Problems
When Spybot is complete, it will be showing RED entries, BLACK entries and GREEN entries in the window.
Make sure that there is a check mark beside all of the RED entries ONLY.
Choose Fix Selected Problems and allow Spybot to fix the RED entries.
If it has trouble removing any spyware, you will get a message window, asking if it would be ok to run Spybot - S&D on the next reboot before any other applications start running. You should reply Yes to this. The next time you start Windows, Spybot will run automatically and fix any of the programs it could not fix previously.
At this point you will be presented with the list of found entries again, but now there will be large green checkmarks next to the items that Spybot - S&D was able to remove. The ones that are still checked but do not have the large green checkmark next to them will be fixed on the next reboot of Windows.
______________________________
Please post a new Hijackthis log for a final check and the results from Jotti's scanner if you could find the file.
Kim