Hi Lucas,
Things look better. One thing we really, really need to know is the NAME of the Trojan that you have disabled in msconfig. Just disabling does not remove it. It is still there on the system but we need to know the name of it in order to be certain that it is gone.
Do NOT be concerned about the Windows Firewall showing as running, this is the DEFAULT setting with XP SP2. It is automatically enabled so leave it running. You can of course install another firewall and then disable this one but, even though it protects only against things coming IN to the computer but not things going OUT I personally feel if you get the computer clean then there would be nothing going out anyway. I use it and am perfectly happy with it. But it is your choice.
Since you don't state for sure which programs you ran from the link I gave you a KEY one I would like you to download and run is AVG Anti-Spyware 7.5
Download, install and update the program but DO NOT scan with it yet.
Enable the Viewing of Hidden Files and Folders
Update the other programs you downloaded, AND your Anti-virus program and then reboot the computer in SAFE MODE
First thing once in Safe Mode that I want you to do is go to Control Panel,
Add/Remove look for and remove any of these if present. If they aren't there don't worry about it.
Window Search
Window Searching
Lop.com
LOP SEARCH
Browser Enhancer
Ultimate Browser Enhancer
Then go to Start, Search, Files and Folders.
Type in AOL. The computer will do a search for all files AOL. Once they are found, delete them.
Next I want you to run FULL SYSTEM SCANS with Spybot Search & Destroy, AdAwareSE and remove everything found by each program.
Finally do a FULL SYSTEM SCAN with AVG Anti-spyware.
Have it remove everything found. Save the log for later posting here.
Next, Reboot in NORMAL MODE and with all browsers closed run a new HJT scan and place checkmarks next to the following entries if still present;
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xlzydewsgfrlurrwzlzkvzfo.... uN/ojrKi.html
R3 - Default URLSearchHook is missing
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
Once you have placed the checkmarks then click the FIX button.
Exit HJT.
Reboot, run a new HJT scan and save the log. Post it back here along with the AVG Anti-spyware log.
Reply With Quote