You have a few different "unwanted guests" listed in your log. Please do the following:
- Open your Add/Remove Programs control panel and uninstall these programs if they appear in the list of installed programs:
My Way/My Search/My Bar
Wild Tangent
BrowserAid
BrowserPal
CashToolbar
Web Toolbar
iSearch
If you did not knowingly install the "CrazyTalk" program, remove that as well.
You will need to close/quit all web browser programs and disconnect from the Internet for the following, so you should print out these instructions or save them into a text file with Notepad.
1. Download and install these utilities (but do not run scans with them yet):
ewido Security Suite (trial version) - http://www.ewido.net/en/download/
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en
- Open ewido. In the main screen, click "Update" and click "Start Update". After the update process completes, exit from Ewido.
- Open MS Antispyware beta. Make sure the "AntiSpyware Autoupdater" feature is enabled, and that it has downloaded the most current antispyware updates. Close the program after you've verified this.
- Open Norton Anti-virus and use its LiveUpdate feature to make sure that you have the most current virus definitions installed. As with the above programs, don't run a scan with it; just close it once it is updated.
3. Download and install the CCleaner utility, but don't run it yet.
4. Run HijackTHis again, put a check mark next to the following entries, and then click the "Fix checked" button. Close HJT once it has finished performing its fixes:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\system32/left.html
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINNT\System32\crazytalk.dll,DllServeMediaFile <--if "CrazyTalk" was not intentionally installed
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINNT\uptodate.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\bridge.dll",Load
O8 - Extra context menu item: &iSearch The Web - res://C:\WINNT\system32\toolbar.dll/SEARCH.HTML
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/hitt...wave/wtinst.cab
5. Reboot into Safe Mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up).
6. Run CCleaner. It may take a while for the program to perform its cleaning, so be patient. Close the program when it has finished.
7. Run Norotn, ewido, and MS Antispyware beta consecutively; have the programs fix all malicious items they find.
When ewido finds the first malicious object on your system, it will ask you if it should clean it. When it asks this, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK.
Save the log file that ewido will create after it finishes scanning; you'll be including that log in your next post here.
8. Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extentions for known file types".
- Locate and delete the following files (some of these should already have been deleted by the removal utilities):
C:\WINNT\System32\crazytalk.dll <--if "CrazyTalk" was not intentionally installed
C:\WINNT\uptodate.exe
C:\WINNT\Downloaded Program Files\bridge.dll
C:\WINNT\system32\toolbar.dll
- Delete the following folders entirely if they exist:
C:\Program Files\MyWay
C:\Program Files\WildTangent
C:\WINNT\WT
9. Empty your Recycle Bin, reboot normally, run HijackThis again, and post the new log. Also post the log that ewido generated.
