I keep gettin adds!
Originally Posted by meow
bump yet again.
1. Those of us who troubleshoot problems here do so on our own spare time, and on a volunteer basis.
2. We all have "real-life" jobs and family lives which might prevent us from participating here for any given amount of time.
3. Your problem is no more pressing than those of our other 20,000+ members'. We haven't forgotten you, but we might not be able to get to your particular question as soon as you would like.
4. It's the week between Christmas and New Year's; many of us have other commitments right now.
Given the above, enough with the "bumpidy bump bumpidy bump bump bump bump"s, please.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Please post a new HijackThis log if you still require help.
Originally Posted by meow
it's no big deal
But... since you can't seem to get version 1.99.0 running, let's work with what you have:
1. If you ran Ad Aware and SpyBot (after getting their most current updates), and also ran the online virus scans I linked to earlier, they should have gotten rid of more than they did. Please let us know specifically if you have followed each and every suggestion we've posted. If there are any of the steps that you have not performed yet, please do them now and post a new log from your current version of HijackThis.
2. In terms of this: "my account was AKRAM"; try logging in as Administrator instead when booted into Safe Mode. That should then give you access to the folders in question.
3. The log entries:
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
a) Press the Ctrl, Alt, and Delete keys simultaneously to open Windows Task Manager.
b) In Task Manager, click on the "Processes" tab.
c) In the resulting list of running processes, click on each entry for "iexplore.exe" and click the "End Task" button.
d) Once you've done that, look through the list again and double-check that you see no further entries for iexplore.exe.
4. Once you've verified that IE is no longer running:
- Have HJT fix the following:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll (file missing)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [hpsysconf1] C:\WINDOWS\System32\nkjchid.exe
O4 - HKLM\..\Run: [pebmfr] C:\WINDOWS\dpdfswlcp.exe
O4 - HKLM\..\Run: [towfezv] C:\WINDOWS\Lbczxs.exe
O4 - HKLM\..\Run: [lpqmqgvt] C:\WINDOWS\system32\qarbpvmc.exe
O4 - HKLM\..\Run: [cddjoay] C:\WINDOWS\system32\bawmfx\cddjoay.exe
O4 - HKLM\..\Run: [fubpqp] C:\WINDOWS\system32\oprryht\fubpqp.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [gcrrwl] C:\WINDOWS\system32\wdpjdydm\gcrrwl.exe
O4 - HKLM\..\Run: [s7nV32g] jspdx.exe
O4 - HKCU\..\Run: [Flxv] C:\WINDOWS\system32\d?dplay.exe
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - HKCU\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O18 - Filter: text/html - {E64E4E60-EF13-4C79-A159-119762E18181} - C:\WINDOWS\system32\lmf32.dll
- Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)
- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files".
- Find and delete the following folders entirely:
C:\Program Files\Common Files\WinTools
C:\Program Files\Common Files\tsa
- Find and delete the following files:
C:\WINDOWS\System32\nkjchid.exe
C:\WINDOWS\dpdfswlcp.exe
C:\WINDOWS\Lbczxs.exe
C:\WINDOWS\system32\qarbpvmc.exe
C:\WINDOWS\system32\bawmfx\cddjoay.exe
C:\WINDOWS\system32\oprryht\fubpqp.exe
C:\WINDOWS\system32\wdpjdydm\gcrrwl.exe
jspdx.exe
C:\WINDOWS\system32\d?dplay.exe
- For every user account listed under C:\Documents and Settings, delete the entire contents of these folders:
1. Local Settings\Temp
2. Cookies
3. History
4. Local Settings\Temporary Internet Files\Content.IE5
- Delete the entire content of your C:\Windows\Temp folder.
Note- If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed. Windows will allow you to delete the versions of those files which exist in sub-folders within the main Temp/Temporary folders, but might not let you delete the versions of those files that exist in the main Temp folders themselves; this is normal and OK.
- Empty your Recycle Bin.
- Reboot normally.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
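Added example, not part of the original posts: a small Python check that pulls the file each HijackThis O2/O4/O18 entry points at and reports the ones not covered by the folders and files on the deletion list. The sample text is a constructed subset of the lines quoted above, and the `PROGRA~1`/`COMMON~1` expansion is an assumption about the usual 8.3 short names.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a subset of the fix list and the deletion list in the post.
HJT_FIX = r"""
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [hpsysconf1] C:\WINDOWS\System32\nkjchid.exe
O4 - HKLM\..\Run: [s7nV32g] jspdx.exe
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O18 - Filter: text/html - {E64E4E60-EF13-4C79-A159-119762E18181} - C:\WINDOWS\system32\lmf32.dll
"""
DELETE = r"""
C:\Program Files\Common Files\WinTools
C:\Program Files\Common Files\tsa
C:\WINDOWS\System32\nkjchid.exe
jspdx.exe
"""
# Assumption: the usual 8.3 short names for these two folders.
SHORT = {"progra~1": "program files", "common~1": "common files"}

def normalise(path):
    """Lower-case a Windows path and expand the short names listed in SHORT."""
    parts = [SHORT.get(p.lower(), p.lower()) for p in PureWindowsPath(path.strip()).parts]
    return PureWindowsPath(*parts)

def referenced_file(line):
    """Return the normalised .exe/.dll an O-section entry points at, or None."""
    m = re.match(r"(O\d+) - (.*)", line.strip())
    if not m:
        return None
    section, rest = m.groups()
    # O4 puts the command after "[name] "; O2/O18 put the file after the last " - ".
    target = rest.split("] ", 1)[-1] if section == "O4" else rest.rsplit(" - ", 1)[-1]
    f = re.match(r"(.+?\.(?:exe|dll))", target, re.I)  # drops arguments such as /AUTOSTART
    return normalise(f.group(1)) if f else None

def uncovered(fix_text, delete_text):
    """List referenced files that are neither deleted directly nor inside a deleted folder."""
    targets = {normalise(d) for d in delete_text.splitlines() if d.strip()}
    missing = []
    for line in fix_text.splitlines():
        f = referenced_file(line)
        if f and f not in targets and not targets & set(f.parents):
            missing.append(str(f))
    return missing

if __name__ == "__main__":
    for path in uncovered(HJT_FIX, DELETE):
        print("fixed in HJT but not in the deletion list:", path)
```

On this subset it reports the P2P Networking and lmf32.dll entries, which appear in the fix list but not in the deletion list.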