
PC Problems *HiJack This log Inside*

tayspen

Re: PC Problems *HiJack This log Inside*

  #2  
Mar 30th, 2006
Hi, please run HJT and check the following.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\uslly.exe

O4 - HKLM\..\Run: [hldflbwA] C:\WINDOWS\hldflbwA.exe

O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\owinnrag.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)

O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\System32\w9seq.dll

O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\hr0605dse.dll


Close all browsers and click Fix Checked

-----------------------------------------------------------------------

There are still more infections, but we are going to let the scanners take them out.

Download the Free trial version of Spysweeper

http://www.webroot.com/consumer/pro...&rc=4129&ac=tsg

Update the definitions and run it, let it remove whatever it finds.

Then download ewido
www.ewido.net - Install. Update. Scan. Remove anything it finds.


Please post a new HJT log, the ewido log, and the spysweeper log.

Hoping that the scanners take most of 'em out before we start to do things manually...

Member - Alliance of Security Analysis Professionals - Since 2006
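
Added example, not part of tayspen's post and not HijackThis code: a small Python parser for log lines in the format quoted above. It labels each entry by section code, flags entries HijackThis marks as "(no file)" or "(file missing)", and flags a Winlogon `Shell=` value that lists anything besides Explorer.exe. The function names and the path regex are assumptions made for this illustration; the section descriptions follow HijackThis's documented section codes.

```python
import re

# HijackThis section codes that appear in the post, and what each section lists.
SECTIONS = {
    "R1": "IE search/start page registry value",
    "R3": "IE URLSearchHook",
    "F2": "autoload via system.ini/win.ini mapped to the registry",
    "O4": "autostart (Run key or Startup folder)",
    "O9": "extra IE toolbar button / Tools menu item",
    "O18": "extra protocol or MIME filter",
    "O20": "AppInit_DLLs / Winlogon Notify",
}
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Simplification: a path ends at its first file extension, so dotted folder names break it.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.[A-Za-z0-9]{2,4}\b")

def parse_entry(line):
    """Parse one HijackThis log line into a dict, or return None if it is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    entry = {
        "code": code,
        "section": SECTIONS.get(code, "unknown section"),
        "paths": PATH_RE.findall(body),
        # HijackThis appends these markers when the referenced file is not on disk.
        "orphaned": "(no file)" in body or "(file missing)" in body,
        "extra_shell": False,
    }
    if code == "F2" and "Shell=" in body:
        # The default Winlogon shell is Explorer.exe alone; anything appended also runs at logon.
        shell = body.split("Shell=", 1)[1]
        parts = [p.strip() for p in shell.split(",") if p.strip()]
        entry["extra_shell"] = any(p.lower() != "explorer.exe" for p in parts)
    return entry

def parse_log(text):
    # Keep only the lines that are real log entries.
    return [e for e in map(parse_entry, text.splitlines()) if e]

# Constructed sample: a non-entry header line plus three lines copied from the post.
SAMPLE = r"""Logfile header line (constructed, not an entry)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\uslly.exe
O4 - HKLM\..\Run: [hldflbwA] C:\WINDOWS\hldflbwA.exe
"""

if __name__ == "__main__":
    print(*parse_log(SAMPLE), sep="\n")
```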